Open davidwarshaw opened 8 months ago
Re the community forum post here: https://community.auth0.com/t/auth0-node-refresh-grant-missing-payload/125305
This is expected behavior. In order for a refresh token grant to return a JWT access token, instead of an opaque token (token without a payload), the original offline_access token grant must have included an audience. This is not clear in the documentation. I opened PR: https://github.com/auth0/node-auth0/pull/984 to clarify.
Thanks for the PR. I left a comment on the PR.
Description
I’m using the latest version of auth0-node (4.2.0) to do a refresh grant exactly as shown in the example:
I’ve populated domain with the tenant and region subdomain as shown in the example. The access token returned is missing the payload:
"access_token": "[...]29tLyJ9..JdBYlv[...]", // <- token is missing payload:
I posted this issue to the Auth0 community board: https://community.auth0.com/t/auth0-node-refresh-grant-missing-payload/125305
Reproduction
Additional context
The node grant request looks like this:
By default, the request is not sent with the audience, which could result in the access token payload being missing. I tried passing the audience in the grant payload:
which resulted in the audience being sent in the request:
however, the access token was still missing the payload.
The equivalent curl command also returned an access token with missing payload.
Password and client credentials grants work without issue.
node-auth0 version
4.2.0
Node.js version
18.16.0
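A way to tell which kind of access token a refresh grant returned, and whether it carries the expected audience. This is an added example, not code from the issue or from node-auth0. The function names, the sample tokens and the audience `https://api.example.test` are constructed for illustration.

```javascript
// Added example (not from the issue or node-auth0). Diagnostic only: it decodes
// without verifying the signature, so never use it to authorize a request.

// Decode one base64url segment to a UTF-8 string.
function b64urlDecode(segment) {
  return Buffer.from(segment.replace(/-/g, '+').replace(/_/g, '/'), 'base64').toString('utf8');
}

// Encode an object as a base64url JSON segment (used only to build samples).
function b64urlEncode(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Classify an access token by the shape of its dot-separated segments.
function inspectAccessToken(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { kind: 'opaque', segments: parts.length };
  if (parts[1] === '') return { kind: 'empty-payload', segments: 3 };
  let claims;
  try {
    claims = JSON.parse(b64urlDecode(parts[1]));
  } catch (err) {
    return { kind: 'opaque', segments: 3 };
  }
  if (claims === null || typeof claims !== 'object' || Array.isArray(claims)) {
    return { kind: 'opaque', segments: 3 };
  }
  // "aud" may be a string or an array of strings; normalise to an array.
  const audience = claims.aud === undefined ? [] : [].concat(claims.aud);
  return { kind: 'jwt', segments: 3, audience, claims };
}

// True only when the token is a JWT whose "aud" contains the expected API.
function isJwtForAudience(token, expectedAudience) {
  const info = inspectAccessToken(token);
  return info.kind === 'jwt' && info.audience.includes(expectedAudience);
}

// Constructed sample tokens (signatures are dummy strings).
const header = b64urlEncode({ alg: 'RS256', typ: 'JWT' });
const SAMPLES = {
  jwt: `${header}.${b64urlEncode({ aud: 'https://api.example.test', exp: 1700000000 })}.sig`,
  emptyPayload: `${header}..sig`,
  opaque: 'v1.constructedOpaqueValue',
};

for (const [name, token] of Object.entries(SAMPLES)) {
  console.log(name, inspectAccessToken(token).kind);
}
```

An API that receives the token must still verify the signature and the `aud` claim with a JWT library before trusting any of the decoded values.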