Hi @PinpointTownes
I have the problem with the refresh flow. The refresh flow doesn't return refresh_token

Here is my author controller
https://github.com/Awesome-CMS-Core/Awesome-CMS-Core/blob/ACC-login-redirect/src/AwesomeCMSCore/Modules/AwesomeCMSCore.Modules.Account/Controllers/API/AuthorizationController.cs
And my start up code
https://github.com/Awesome-CMS-Core/Awesome-CMS-Core/blob/ACC-login-redirect/src/AwesomeCMSCore/AwesomeCMSCore/Extension/ServiceCollectionExtensions.cs#L170-L254
Am I missing something ?
Hey,
https://github.com/openiddict/openiddict-core/issues/462 should put you on the right track.
So you mean that I can only have 1 refresh_token. What if token expired again ?
By default, OpenIddict will now issue a single refresh token and manage its lifetime dynamically by extending its expiration date every time it's used in a refresh token request. This refresh token is not automatically revoked and can be used until it expires.
ok so that mean i can store the refresh_token in my local storage and use it for multi refresh request right ?
Yes.
Thank for your confirmation
HI @ngohungphuc , @PinpointTownes
Could you please help or share me on openiddict related sample in ASP.NET Core 2.2 as per below scenario
@ajithkumarrai
For OpenIddict refresh token flow, see https://github.com/openiddict/openiddict-samples/tree/dev/samples/RefreshFlow.
Unfortunately, there's no official sample without EF integration, but there's only one real different from the samples, you should create your own models and storages, see OpenIddict.EntityFrameworkCore, OpenIddict.EntityFrameworkCore.Models, OpenIddict.MongoDb, and OpenIddict.MongoDb.Models for that.
Hi
@ajithkumarrai
For OpenIddict refresh token flow, see https://github.com/openiddict/openiddict-samples/tree/dev/samples/RefreshFlow.
Unfortunately, there's no official sample without EF integration, but there's only one real different from the samples, you should create your own models and storages, see OpenIddict.EntityFrameworkCore, OpenIddict.EntityFrameworkCore.Models, OpenIddict.MongoDb, and OpenIddict.MongoDb.Models for that.
242 and #328 may helps.
Thanks you for reply
In attached files i crated sample by following https://github.com/openiddict/openiddict-samples/tree/dev/samples/RefreshFlow this link, but while generating token(in password type response) it is not giving refresh_token attribute in response.
we are using Enterprise NoSQL otherthan MongoDb and we don't want to maintain storage for refresh tokens.
Could you please check attached files (with out EF or storage i am able to generate token but in response no refresh token)
@ajithkumarrai
but while generating token(in password type response) it is not giving refresh_token attribute in response.
offline_access scope should be add to your request for refresh_token,
@ajithkumarrai You can check my code here
https://github.com/SaiGonSoftware/Awesome-CMS-Core/
do we need to maintain refresh token in db ?
Even after following sample not getting refresh token
added scope like this
ticket.SetScopes(new[]
{
OpenIdConnectConstants.Scopes.OpenId,
OpenIdConnectConstants.Scopes.Email,
OpenIdConnectConstants.Scopes.Profile,
OpenIdConnectConstants.Scopes.OfflineAccess,
OpenIddictConstants.Scopes.Roles
}.Intersect(oidcRequest.GetScopes()));

@ajithkumarrai I save refresh token in localstorage but you can save to db. It's just personal preference
It means we need to store refresh token, it will not be handled by openiddict automatically like ASOS ?
we don't have sql or mongodb we are using Marklogic and also we don't want to save tokens in db
could you please guide me on this.
Local storage means : client script side right ? but before only i am not getting refresh token as per above screen shot.
In this above screen when i was requesting for token(password type) i am not receiving refresh token
It means we need to store refresh token, it will not be handled by openiddict automatically like ASOS ?
we don't have sql or mongodb we are using Marklogic and also we don't want to save tokens in db
could you please guide me on this.Local storage means : client script side right ? but before only i am not getting refresh token as per above screen shot.
In this above screen when i was requesting for token(password type) i am not receiving refresh token
@ajithkumarrai:
You need to set the scope as openid offline_access in your request. Read more here: https://kevinchalet.com/2016/07/13/creating-your-own-openid-connect-server-with-asos-testing-your-authorization-server-with-postman/
Most helpful comment