Oauth2 not generating refresh_token


#1

POST
http://192.168.0.19:8080/oauth/tyk/oauth/authorize-client/
response_type:token
client_id:69d602451a354f606cc99e8d48d49f84
redirect_uri:http://xxx.com.br/c

Result Body
{
“access_token”: “58615cfa190b620001c0ebd8be640890deb240ef46d238f67616d162”,
“expires_in”: 3600,
“redirect_to”: “http://xxx.com.br/c#access_token=58615cfa190b620001c0ebd8be640890deb240ef46d238f67616d162&expires_in=3600&token_type=bearer”,
“token_type”: “bearer”
}

Why im not receiving the refresh_token?

My Auth api config:
“oauth_meta”: {
“allowed_access_types”: [
“refresh_token”
],
“allowed_authorize_types”: [
“token”
],
“auth_login_redirect”: “http://xxx.com.br/a
},

“notifications”: {
“shared_secret”: “123”,
“oauth_on_keychange_url”: “http://posttestserver.com/post.php?dir=oauth_notifications
},


#2

I believe the refresh token is only supported with the authorisation code flow, i.e. you generate an authorisation code which the client then exchanges for a token, it also then receives a refresh token.


#3

Thansk for your reply, i change my flow to the authorization code flow. And im getting problem to retrieve de bearer / refresh token right now.

POST: http://192.168.0.19:8080/oauth/oauth/token/
with x-tyk-authorization header.

request BODY: (x-www-form-urlencoded)

grant_type:authorization_code
client_id :69d602451a354f606cc99e8d48d49f84
code:UUcNckKoQn2l7wdrqpSx8w
redirect_uri :http://xxx.com.br/c

response:
{“error”:“invalid_request”,“error_description”:“The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.”}

why im getting this error?

Did i miss something?


#4

This is the flow I used on my test machine:

POST /oauth-test/tyk/oauth/authorize-client/ HTTP/1.1
Host: xxx.xxx.xxx:81
X-Tyk-Authorization: 352d20ee67be67f6340b4c0605b044b7
Cache-Control: no-cache
Postman-Token: 80785df8-636f-86b2-3e44-2c73c7998756
Content-Type: application/x-www-form-urlencoded

response_type=code&client_id=238174d5d182405d7c90ecf584cfd4da&redirect_uri=http%3A%2F%2Fgoogle.com

Then:

POST /oauth-test/oauth/token/ HTTP/1.1
Host: xxx.xxx.xxx:81
Authorization: Basic MjM4MTc0ZDVkMTgyNDA1ZDdjOTBlY2Y1ODRjZmQ0ZGE6WWpnNU9USmlOMlF0TTJGbVlpMDBaakJpTFRZME9HUXRaVEU0WVRWa05XTmhaVEpo
Cache-Control: no-cache
Postman-Token: 5730f0bb-c12b-06c0-e386-765a8645ddc6
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&client_id=238174d5d182405d7c90ecf584cfd4da&redirect_uri=http%3A%2F%2Fgoogle.com&code=iv4u2wwQS2-bLuBsaojdRA

Might be worth checking the names of the params…