Not receiving a Refresh Token in OAUTH Workflow

  • 1
  • Problem
  • Updated 1 year ago
  • Solved
Archived and Closed

This conversation is no longer open for comments or replies and is no longer visible to community members.

I'm following the OAUTH workflow / guide from the documentation here: https://developer.automatic.com/api-reference/#authentication

But when I request the access token, I'm not getting the refresh token along with it:
I receive the access_token, expires_in, scope, and token_type -- but the response is missing the refresh_token.

Any idea why? Help! :)
Photo of Matt Farley

Matt Farley

  • 1,506 Points 1k badge 2x thumb

Posted 1 year ago

  • 1
Photo of Amy

Amy

  • 68,970 Points 50k badge 2x thumb
Thanks for reporting this & for all the info, Matt. One of the server engineers is going to investigate this as soon as he has a moment. 
Photo of Aniruddha Maru

Aniruddha Maru, Principle Server Engineer

  • 172 Points 100 badge 2x thumb
Hi Matt,

We have been unable to reproduce this issue with the steps as described on the developer documentation. I auth'ed with your app titled Testing (`client_id` last 4: `e764`), and created a new token, and then refreshed it.

Looking at the code, I'm unable to see a case where this would yield bad response (other than if you were being rate limited - but I guess that's not the case here?)

Are you seeing anything unusual in the response headers? Is the response well-formed json?

Which client are you trying this with (last 4 of client id should suffice)?

You can also email support@automatic.com if you want to send any confidential information without putting it here.

Thanks!
Photo of Matt Farley

Matt Farley

  • 1,506 Points 1k badge 2x thumb
Sorry for the delay, long week!

The last 4 of the client id is = 5db1
Photo of Aniruddha Maru

Aniruddha Maru, Principle Server Engineer

  • 172 Points 100 badge 2x thumb
Hi Matt,

I think I know what's going on - it appears if you create an access token using `Generate Test Token for Your Account` tool in developer.automatic.com console, the generated token doesn't have a refresh token associated w/ it (that's a bug). 

Now, when you try to issue a token using the browser based workflow - it doesn't attempt to create a new access token (and refresh token), since one already exists for the scopes you requested.

If you generated the 3 tokens on your client using the above workflow, you can wipe them out using `REVOKE ALL USER TOKENS` tool, and re-generate them using the browser/curl based workflow. Alternatively, you can request a new set of scopes which should also force a new token - just don't use the developer.automatic.com console.

Please let me know if this fixes your problem.

Thanks!
(Edited)
Photo of Matt Farley

Matt Farley

  • 1,506 Points 1k badge 2x thumb
You nailed it! Revoking the tokens did the trick. Thanks!

This conversation is no longer open for comments or replies.