1 vote

I am making the following curl call:

curl -k -d "grant_type=client_credentials" -H "Authorization: Basic <Encoded ID & Secret>" https://MyIDPUrl/token

I get a response of:

{
    "access_token":"MyAccessTokenHere",
    "scope":"am_application_scope default",
    "token_type":"Bearer",
    "expires_in":3212
}

It all seems fine, except that I am not getting a refresh token. I tried adding &scope=openid to the URL, and that added an id_token to the response, but not a refresh token.

How can I get a refresh token with WSO2?


3 Answers

2 votes

Yes, for the client_credentials grant type there is no use in having a refresh token. But if you want to get one, you can allow it by changing a configuration in identity.xml (IS_Home/repository/conf/identity), in the following section:

        <SupportedGrantType>
            <GrantTypeName>client_credentials</GrantTypeName>
            <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.ClientCredentialsGrantHandler</GrantTypeHandlerImplClass>
            <IsRefreshTokenAllowed>false</IsRefreshTokenAllowed>
            <IdTokenAllowed>false</IdTokenAllowed>
        </SupportedGrantType>

If you change the value of IsRefreshTokenAllowed to true, it should return a refresh token. (You need to restart the server after changing the configuration value.) By default it is false: as there is no user engagement in this grant type, a refresh token is not useful.

5 votes

The specification states that the client_credentials grant type does not return a refresh token.

It makes sense, because the point of a refresh token is to not bother the user to log in again. But with client_credentials, you can just go get another access token.

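Because the client_credentials grant hands back no refresh token, renewal is simply another token request. The helper below is an added example, not code from this thread or from WSO2: it builds the Basic header from a client id and secret, caches the access token, and re-requests it shortly before expires_in elapses. The endpoint URL, client id and secret are placeholders, the transport is injectable so the logic runs offline, and SAMPLE_REPLY is a constructed copy of the response shape shown in the question.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

# Constructed reply mirroring the shape shown in the question: no refresh_token key.
SAMPLE_REPLY = {"access_token": "MyAccessTokenHere", "scope": "am_application_scope default",
                "token_type": "Bearer", "expires_in": 3212}

def basic_auth_header(client_id: str, client_secret: str) -> str:
    """Authorization header value: 'Basic ' + base64(client_id:client_secret)."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def post_form(url: str, fields: dict, headers: dict) -> dict:
    """Live transport: POST a form body, parse the JSON reply. Verifies TLS (no curl -k)."""
    body = urllib.parse.urlencode(fields).encode("ascii")  # urllib adds the form Content-Type
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode("utf-8"))

class ClientCredentialsToken:
    """Caches one access token and re-requests it before expires_in runs out."""

    def __init__(self, token_url, client_id, client_secret,
                 transport=post_form, clock=time.monotonic, skew=60):
        self.token_url, self.transport, self.clock, self.skew = token_url, transport, clock, skew
        self.auth = basic_auth_header(client_id, client_secret)
        self.access_token, self.expires_at, self.requests_made = None, 0.0, 0

    def fetch(self) -> dict:
        """Request a new token; a client_credentials reply carries no refresh_token."""
        reply = self.transport(self.token_url, {"grant_type": "client_credentials"},
                               {"Authorization": self.auth})
        if "access_token" not in reply:
            raise RuntimeError(f"token endpoint error: {reply.get('error', reply)}")
        self.access_token = reply["access_token"]
        # Renewal is just another request, scheduled from expires_in (seconds).
        self.expires_at = self.clock() + float(reply.get("expires_in", 0))
        self.requests_made += 1
        return reply

    def token(self) -> str:
        """Return a usable token, re-requesting within `skew` seconds of expiry."""
        if self.access_token is None or self.clock() >= self.expires_at - self.skew:
            self.fetch()
        return self.access_token
```

Against a live server, construct the class with the real token URL and credentials and leave the default transport in place.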

0 votes

As @Vaccano said, using the client_credentials grant type does not return a refresh token.

Instead you can use the password grant type, which does return a refresh token:

curl -k -X POST https://localhost:9443/oauth2/token \
-d "grant_type=password&username=Username&password=Password" \
-H "Authorization: Basic Base64(consumer-key:consumer-secret)"