Refresh Token not returned from accessToken endpoint

Question

For the Community API, Using the OAuth 2.0 grant flow, we're able to successfully retrieve an access token from the /api/2.0/auth/accessToken endpoint.However, in it's response the refresh_token field is not returned. As a result we are then unable to refresh the token via /api/2.0/auth/refreshToken.Here is the response we're getting from /api/2.0/auth/accessToken:&nbsp;{
"status":"success",
"message":"",
"http_code":200,
"data":{
"access_token":"REDACTED",
"lithiumUserId":"REDACTED",
"token_type":"bearer",
"userId":"REDACTED",
"expires_in":3600
}
}&nbsp;

adamn · Answer

Hi&nbsp;zachtines&nbsp;, I'd suggest checking whether the account you're using to login has Auto Sign-in enabled. If so, the refresh token will not be returned. This is what the "Note" on this page is referring to:&nbsp;https://developer.khoros.com/khoroscommunitydevdocs/reference/request-auth-token-oauth
One thing that's not clear from the documentation is that disabling Auto Sign-in via the admin will not resolve this issue for existing accounts, since the preference will have already been stored in the existing account. You would need to login to the UI with the account and disable Auto Sign-in in the individual account's preferences.
I hope this helps!

zachtines · Answer

Hey AdamN! Thanks for the suggestion and insight. Do you know the path in the Account Preferences of where that's located at the user level? We're not seeing it on our end.

zachtines · Answer

AdamN&nbsp;Also seems like the Note vs your reply is a little conflicting."Make sure that the Turn-off Auto Sign-in checkbox is cleared"vs"... checking whether the account you're using to login has Auto Sign-in enabled.&nbsp;If so, the refresh token will not be returned."To confirm, we want Auto Sign in disabled, thus the admin setting SHOULD be checked. correct?Then from the individual user we also want their account preferences to have this disabled as well?

adamn · Answer

zachtines&nbsp;Thanks for flagging the conflicting information. Despite how the setting is named, it appears the documentation is actually correct... Having the setting unchecked will allow a refresh token to be generated. I'll flag this for our product and docs team to see if we can improve this.
I would give that a try first, and if it's still not working for your individual user account, you would normally find it under My Settings &gt; Personal &gt; Auto-Signin Options

zachtines · Answer

Hey AdamN thanks for the clarification!Regarding the personal settings path, This doesn't seem to be available under the account in question whom of which is also a Khoros Community Admin. Under Mysettings &gt; Personal we only have the following options:Username, Email, Personal Information, Likes Weight Override, and Close Account

Forum Discussion

Refresh Token not returned from accessToken endpoint

Related Content

Unable to invoke a custom endpoint from another custom endpoint

Can I cache the JSON returned by an endpoint? Would like to not make the AJAX or API call repeatedly

how to make implement endpoint with ajax?

Set HTTP response code on custom endpoint

Returning all messages with a certain tag?

Recent Discussions

API v1 docs gone since Atlas migration to Aurora

Does anyone know how to change the display title of Custom Fields in Aurora?

Can someone walk me through authenticating and using Postman with Aurora?

Seeking Advice on Restricting Access to a posts to those who have the permalink.

TinyMceEditor is undefined