https://www.ory.sh/ logo
#talk-hydra
Title
# talk-hydra
c

chilly-arm-43055

04/19/2022, 3:22 PM
Hi Hydra Team! Quick question: is there a doc explaining how to enable/how to use refresh tokens? It seems by default the
POST /oauth2/token
endpoint doesn’t return a refresh token and I couldn’t find documentation discussing the topic. Thank you!
m

magnificent-energy-493

04/19/2022, 3:35 PM
Hey Guillame, What flow are you trying to do, what are the steps to reproduce it?
<https://www.ory.sh/docs/hydra/concepts/oauth2#oauth-20-refresh-tokens
|from hydra docs>:
OAuth 2.0 Refresh Tokens are issued only for the following flows:
• Authorization Code Flow:
response_type=code
• OpenID Hybrid Flow with Authorization Code Flow reponse type:
response_type=code+{other_response}
To get Refresh Tokens, OAuth 2.0 clients must be allowed to request the
offline_access
scope.
c

chilly-arm-43055

04/19/2022, 3:43 PM
Thank you Vincent! I missed that page and Google didn’t help me. I’m using the client credentials flow, that explains why I don’t get a refresh token. Is that specified in the OAuth2 RFC that refresh tokens should only be issued for the authorization code flow?
m

magnificent-energy-493

04/19/2022, 3:48 PM
I would have to read the spec again, but since Hydra passes all the OAuth2 tests I believe so!
c

chilly-arm-43055

04/19/2022, 3:51 PM
Indeed, it makes sense: https://stackoverflow.com/a/43349958/3163440 Thank you Vincent!
👍 1