- Tokens
- Access Tokens
-
Refresh Tokens
- How to enable issuing of a refresh token
- Refresh tokens after being used
- ID Tokens
- Proof-of-Possession (PoP) Tokens
-
Grant Type
- Scopes
- PKCE (RFC 7636)
- Client Management
- Authorization Requests
- User Authentication
- Error Handling
- Client Authentication
- Introspection
- Userinfo Endpoint
- JARM
- Device Flow (RFC 8628)
How to enable issuing of a refresh token
In order to include a refresh token in a response from /auth/token API, you have to configure both Authlete service and its clients.
If not configured, Refresh Token Grant Type (grant_type=refresh_token) is disabled. Issuing of a refresh token for other grant types such as Authorization Code Grant Type (grant_type=authorization_code) is also omitted.
If not configured, Refresh Token Grant Type (grant_type=refresh_token) is disabled. Issuing of a refresh token for other grant types such as Authorization Code Grant Type (grant_type=authorization_code) is also omitted.
Authlete service settings
Add "REFRESH_TOKEN" to Supported Grant Types. The settings can be found under Authorization tab in Service Owner Console.

Client settings
Add "REFRESH_TOKEN" to Grant Types. The settings can be found under Authorization tab in Developer Console.

How did we do with this article?