Hi Hydra Team! Quick question: is there a doc expl...
# talk-hydra
Hi Hydra Team! Quick question: is there a doc explaining how to enable/how to use refresh tokens? It seems by default the
POST /oauth2/token
endpoint doesn’t return a refresh token and I couldn’t find documentation discussing the topic. Thank you!
Hey Guillame, What flow are you trying to do, what are the steps to reproduce it?
|from hydra docs>:
OAuth 2.0 Refresh Tokens are issued only for the following flows:
• Authorization Code Flow:
• OpenID Hybrid Flow with Authorization Code Flow reponse type:
To get Refresh Tokens, OAuth 2.0 clients must be allowed to request the
Thank you Vincent! I missed that page and Google didn’t help me. I’m using the client credentials flow, that explains why I don’t get a refresh token. Is that specified in the OAuth2 RFC that refresh tokens should only be issued for the authorization code flow?
I would have to read the spec again, but since Hydra passes all the OAuth2 tests I believe so!
Indeed, it makes sense: https://stackoverflow.com/a/43349958/3163440 Thank you Vincent!
👍 1