# talk-hydra
c
Hi Hydra Team! Quick question: is there a doc explaining how to enable/how to use refresh tokens? It seems by default the `POST /oauth2/token` endpoint doesn’t return a refresh token and I couldn’t find documentation discussing the topic. Thank you!
m
Hey Guillame, What flow are you trying to do, what are the steps to reproduce it?
From hydra docs (https://www.ory.sh/docs/hydra/concepts/oauth2#oauth-20-refresh-tokens):
OAuth 2.0 Refresh Tokens are issued only for the following flows:
• Authorization Code Flow: `response_type=code`
• OpenID Hybrid Flow with Authorization Code Flow response type: `response_type=code+{other_response}`
To get Refresh Tokens, OAuth 2.0 clients must be allowed to request the `offline_access` scope.
c
Thank you Vincent! I missed that page and Google didn’t help me. I’m using the client credentials flow, that explains why I don’t get a refresh token. Is that specified in the OAuth2 RFC that refresh tokens should only be issued for the authorization code flow?
m
I would have to read the spec again, but since Hydra passes all the OAuth2 tests I believe so!
c
Indeed, it makes sense: https://stackoverflow.com/a/43349958/3163440 Thank you Vincent!