Refresh Token upgrade to offline_token

infl00p · April 19, 2024, 5:12pm

My question is if it is possible to request an offline token using a refresh request and the normal refresh token using offline_access in the scope of the request?
I can get an offline token using the authorization request and continue to use it as an refresh token but I want to upgrade existing refresh tokens without having the users to log in again.

I have added the offline_access in the scope in my refresh request body but I continue to get a normal refresh token. Do I need to change offline_access to Default in my client configuration?

dasniko · April 19, 2024, 8:34pm

You can’t. This would also be against the spec, chapter 11 Offline Access: Final: OpenID Connect Core 1.0 incorporating errata set 2
The user MUST give consent to issuing an offline token.

Topic		Replies	Views
Regular refresh token from offline token Getting advice	0	542	February 4, 2020
Refresh_token and offline_access scope	6	3671	March 27, 2024
Offline token is gone when refreshing the page Getting advice adapter-javascript	0	831	December 15, 2021
Allow a client to issue access & refresh tokens (offline tokens) Getting advice oidc	0	348	September 3, 2021
Confused about Offline Token behavior Getting advice	3	4257	February 27, 2024

Refresh Token upgrade to offline_token

Related topics