Refresh token isn't generated on client_credentials grant_type

danschultzer / phoenix_oauth2_provider

Get an OAuth 2 provider running in your phoenix with controllers, views and models in just two minutes

MIT License

84 stars 41 forks source link

Refresh token isn't generated on client_credentials grant_type #34

Closed lucasbesen closed 4 years ago

lucasbesen commented 4 years ago

My configs:

grant_flows: ~w(client_credentials),
use_refresh_token: true

{
    "access_token": "825586b8f3b102090599004cda4d9eeb51433c53b38a124f65e62e7caa9d3424",
    "created_at": "2019-11-12T12:30:49",
    "expires_in": 7200,
    "refresh_token": null,
    "scope": "",
    "token_type": "bearer"
}

I'm trying to create a access/refresh token with client_credentials grant type but refresh token isn't being generated

danschultzer commented 4 years ago

It's not permitted to grant refresh token with client_credentials grant type per RFC specs: https://tools.ietf.org/html/rfc6749#section-4.4.3

If you need refresh token you should use the code auth flow.