By default, the request is not sent with the audience, which could result in the access token payload being missing. I tried passing the audience in the grant payload:
```js
const data = await auth0.oauth.refreshTokenGrant({
  audience: MY_AUDIENCE,
  refresh_token,
});
```
which resulted in the audience being sent in the request:
This is expected behavior. In order for a refresh token grant to return a JWT access token, instead of an opaque token (token without a payload), the original offline_access token grant must have included an audience. This is not clear in the documentation. I opened PR: #984 to clarify.
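One way to check which kind of access token a refresh grant returned, following the JWT-versus-opaque distinction in the comment above. This is an added example, not code from the issue or from node-auth0; the function names and sample tokens are constructed, and the five-segment case assumes JWE compact serialization (RFC 7516).

```javascript
// Decode one base64url segment as a JSON object; return null if it is not one.
function b64urlJson(segment) {
  try {
    const value = JSON.parse(Buffer.from(segment, "base64url").toString("utf8"));
    return typeof value === "object" ? value : null;
  } catch {
    return null;
  }
}

// Classify a token by shape only. Decoding is not verification: a resource
// server must still validate the signature before trusting any claim.
function classifyAccessToken(token) {
  const parts = String(token).split(".");
  const header = b64urlJson(parts[0] || "");

  // JWS compact form: header.payload.signature, all segments non-empty.
  if (parts.length === 3 && parts.every((p) => p.length > 0)) {
    const claims = b64urlJson(parts[1]);
    if (header && claims) return { kind: "jwt", header, claims };
  }
  // JWE compact form: header.encryptedKey.iv.ciphertext.tag. With direct
  // encryption the encryptedKey segment is empty, which shows up as "..".
  if (parts.length === 5 && header) {
    return { kind: "encrypted", header, claims: null };
  }
  // Anything else is a plain opaque string with no readable payload.
  return { kind: "opaque", header: null, claims: null };
}

// True only when the token is a readable JWT whose aud claim names the API.
function audienceMatches(token, expectedAudience) {
  const { kind, claims } = classifyAccessToken(token);
  if (kind !== "jwt") return false;
  const aud = claims.aud;
  return Array.isArray(aud) ? aud.includes(expectedAudience) : aud === expectedAudience;
}

// Constructed sample tokens (not real credentials, signatures are dummies).
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const SAMPLE_JWT = [
  enc({ alg: "RS256", typ: "JWT" }),
  enc({ iss: "https://tenant.example/", aud: "https://api.example/" }),
  "c2ln",
].join(".");
const SAMPLE_ENCRYPTED = [
  enc({ alg: "dir", enc: "A256GCM", iss: "https://tenant.example/" }),
  "", "aXY", "Y3Q", "dGFn",
].join(".");
```

Running `classifyAccessToken` on the token from a refresh grant shows whether the original `offline_access` grant carried an audience: only the `jwt` result exposes an `aud` claim to compare against the API identifier.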
Checklist
Description
I’m using the latest version of auth0-node (4.2.0) to do a refresh grant exactly as shown in the example:
I’ve populated domain with the tenant and region subdomain as shown in the example. The access token returned is missing the payload:
"access_token": "[...]29tLyJ9..JdBYlv[...]", // <- token is missing payload:
I posted this issue to the Auth0 community board: https://community.auth0.com/t/auth0-node-refresh-grant-missing-payload/125305
Reproduction
Additional context
The node grant request looks like this:
By default, the request is not sent with the audience, which could result in the access token payload being missing. I tried passing the audience in the grant payload:
which resulted in the audience being sent in the request:
however, the access token was still missing the payload.
The equivalent curl command also returned an access token with missing payload.
Password and client credentials grants work without issue.
node-auth0 version
4.2.0
Node.js version
18.16.0