0

For my external application I have a requirement to retrieve a refresh token without sending the user through the consent flow.

I have tried following the documentation which describes the available scopes and says that using the scope https://api.banno.com/consumer/auth/offline_access will cause the authorization server to return a refresh token without sending the user through a consent flow.

When I make an authorization request with the scope https://api.banno.com/consumer/auth/offline_access, the authorization server is erroring with a 500 error.

When I make the request without the https://api.banno.com/consumer/auth/offline_access scope my request will succeed, but I will not get a refresh token back.

Brian
  • 1
  • 1

1 Answers1

0

Is this in the context of requesting a Refresh Token as part of a Plugin?

The original question doesn't specify, but we've had at least one other developer report an issue with requesting a Refresh Token when using an External Application as part of a Plugin.

(Using an External Application to request a Refresh Token outside of the context of a Plugin is unaffected.)

Jaime Lopez Jr.
  • 476
  • 1
  • 3
  • 9
  • Yes, the authorization request in this case is initiated when a plugin is opened in the browser. My server redirects the browser to the authorization server and if the authorization request includes the scope `https://api.banno.com/consumer/auth/offline_access` the authorization server will error with a 500 – Brian Mar 25 '22 at 18:57
  • Okay, that sounds like the same error which other developers have encountered. We'll work with Engineering to sort things out. – Jaime Lopez Jr. Mar 25 '22 at 22:50
  • Engineering has deployed a fix for this today. You should now be able to request that a `Refresh Token` be issued when starting the auth flow by including the `https://api.banno.com/consumer/auth/offline_access` scope. – Jaime Lopez Jr. May 03 '22 at 15:11