Missing refresh_token when using authorization code with PKCE
After authorizing for the management API using the OAuth2 code flow with PKCE, the response from POST https://login.tapkey.com/connect/token
does not return a refresh token. Am I missing something?
The user is redirected to https://login.tapkey.com/connect/authorize?client_id=[...]&redirect_uri=[...]&scope=write%3Agrants&response_type=code&state=[...]&code_challenge=[...]&code_challenge_method=S256
After the callback, I request POST https://login.tapkey.com/connect/token
with the following form data:
[
"grant_type" => "authorization_code"
"client_id" => "[...]"
"client_secret" => null
"code" => "[...]"
"redirect_uri" => "[...]"
"code_verifier" => "[...]"
]
The response I get is
[
"access_token" => "[...]"
"expires_in" => 3600
"token_type" => "Bearer"
"scope" => "write:grants"
]
As described here https://developers.tapkey.io/api/authentication/pkce/#refreshing-an-access-token, to get a refresh_token you also need to request the scope "offline_access".
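
The fix from the answer, as an added example that is not part of the original post: a Python sketch that builds the authorize redirect with `offline_access` added to the scope and checks a token response for the refresh token. The client ID, redirect URI and function names are hypothetical; the authorize endpoint is the one from the question.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

AUTHORIZE_URL = "https://login.tapkey.com/connect/authorize"  # from the question

def s256_challenge(verifier):
    """Derive the PKCE code_challenge for method S256 (RFC 7636, section 4.2)."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def build_authorize_url(client_id, redirect_uri, scopes, state, challenge):
    """Build the redirect URL; all scopes go space-separated in one parameter."""
    return AUTHORIZE_URL + "?" + urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": " ".join(scopes),
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })

def check_token_response(requested_scopes, response):
    """Return the reasons a token response cannot be refreshed (empty if fine)."""
    problems = []
    granted = set(response.get("scope", "").split())
    if "offline_access" not in requested_scopes:
        problems.append("offline_access was not requested")
    elif "offline_access" not in granted:
        problems.append("offline_access was requested but not granted")
    if "refresh_token" not in response:
        problems.append("response has no refresh_token")
    return problems

# Constructed sample values (hypothetical client, not real credentials).
verifier = secrets.token_urlsafe(64)  # 86 characters, inside the 43..128 limit
url = build_authorize_url("example-client-id", "https://app.example/callback",
                          ["write:grants", "offline_access"],
                          secrets.token_urlsafe(16), s256_challenge(verifier))
# The response shape from the question, with a placeholder token.
question_response = {"access_token": "placeholder", "expires_in": 3600,
                     "token_type": "Bearer", "scope": "write:grants"}
print(url)
print(check_token_response(["write:grants"], question_response))
```

The same `code_verifier` that produced the challenge must be sent in the later token request, and the `state` value must be compared against the one returned on the callback.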