1

I'm using okta-auth-js with an SPA and I want to retrieve the refresh token.

My config is the following:

okta: {
    issuer: 'https://myIssuer/oauth2/default',
    clientId: '0oahHMKdu3BlV0x1hdoa7lV0',
    redirectUri: 'http://localhost:3000/login/callback',
    responseType: 'code'
  }

And I perform the authentication like this:

oktaAuth.signInWithCredentials({
    username,
    password
  }).then((transaction) => {
      switch (transaction.status) {
        case 'SUCCESS': {
          const { sessionToken } = transaction;
          // Redirect to /authorize with the one-time session token
          oktaAuth.token.getWithRedirect({ sessionToken });
          break;
        }
        // ... other status cases
      }
  });

I have enabled refresh token rotation in the Okta dashboard, but I get only access_token and id_token in the response.

My question is: how do I also get the refresh_token?

Hakim

2 Answers

2

You need to include offline_access in your scopes

source

Andrew Gillis
1

I've found the solution :)

You have to add the offline_access scope with the session token when you call /authorize.

For example:

oktaAuth.signInWithCredentials({
    username,
    password
  }).then((transaction) => {
      switch (transaction.status) {
        case 'SUCCESS': {
          const { sessionToken } = transaction;
          // Request offline_access so the token response includes a refresh token
          oktaAuth.token.getWithRedirect({
            sessionToken,
            scopes: ['openid', 'offline_access']
          });
          break;
        }
        // ... other status cases
      }
  });

Hakim
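
What the fix in the answers changes on the wire, as an added example that is not part of either answer or of okta-auth-js: the /authorize request carries a space-delimited `scope` parameter, and the token response can be checked to tell "scope not requested" apart from "requested but not granted". The helper names `buildAuthorizeUrl` and `diagnoseTokenResponse` are hypothetical, the endpoint path `{issuer}/v1/authorize` is assumed from Okta's OIDC endpoint layout, and all parameter values are constructed placeholders.

```javascript
// Added example; hypothetical helpers, not okta-auth-js functions.
const OFFLINE = 'offline_access';

// Authorization-code request that a redirect to /authorize carries.
// state, nonce and codeChallenge (PKCE, S256) are generated by the caller.
function buildAuthorizeUrl(cfg, { scopes, sessionToken, state, nonce, codeChallenge }) {
  const url = new URL(`${cfg.issuer}/v1/authorize`);
  url.search = new URLSearchParams({
    client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri,
    response_type: 'code',
    scope: scopes.join(' '), // space-delimited on the wire
    state,
    nonce,
    code_challenge: codeChallenge,
    code_challenge_method: 'S256',
    sessionToken,
  }).toString();
  return url;
}

// Explain why a token-endpoint response has, or lacks, a refresh token.
function diagnoseTokenResponse(requestedScopes, tokenResponse) {
  const granted = String(tokenResponse.scope || '').split(/\s+/).filter(Boolean);
  if (!requestedScopes.includes(OFFLINE)) return 'offline_access not requested';
  if (!granted.includes(OFFLINE)) return 'offline_access requested but not granted';
  if (!tokenResponse.refresh_token) return 'offline_access granted but refresh_token missing';
  return 'ok';
}

// Constructed sample values (placeholders, not real credentials).
const cfg = {
  issuer: 'https://myIssuer/oauth2/default',
  clientId: 'CLIENT_ID_PLACEHOLDER',
  redirectUri: 'http://localhost:3000/login/callback',
};
const common = {
  sessionToken: 'SESSION_TOKEN_PLACEHOLDER',
  state: 'STATE_PLACEHOLDER',
  nonce: 'NONCE_PLACEHOLDER',
  codeChallenge: 'CHALLENGE_PLACEHOLDER',
};
const fixedUrl = buildAuthorizeUrl(cfg, { ...common, scopes: ['openid', 'offline_access'] });

// Constructed token responses: one without, one with, the offline_access grant.
const before = { scope: 'openid', access_token: 'AT', id_token: 'IDT' };
const after = { scope: 'openid offline_access', access_token: 'AT', id_token: 'IDT', refresh_token: 'RT' };
console.log(fixedUrl.searchParams.get('scope'), '|', diagnoseTokenResponse(['openid'], before),
  '|', diagnoseTokenResponse(['openid', 'offline_access'], after));
```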