Clarify obtaining a refresh token that can be used to obtain JWT acce… #984

Open
wants to merge 1 commit into
base: master

Conversation

davidwarshaw

…ss tokens in docs

Changes

Adds a password grant example to EXAMPLES.md to explain how to get a refresh token that can be used to subsequently obtain JWT access tokens, instead of opaque tokens.

References

GH Issue: #983
Community forum issue: https://community.auth0.com/t/auth0-node-refresh-grant-missing-payload/125305

Testing

Doc change only.

  • This change adds unit test coverage
  • This change adds integration test coverage

Checklist

Member

@frederikprijck frederikprijck left a comment

Thanks for helping improve the documentation.

Whether or not the access token is a JWT is unrelated to whether or not you use a refresh token. As you point out in the community post, your initial access token isn't a JWT either. What you want to fix is the initial call, not the subsequent refresh token calls.

Additionally, this is not only the case for password grant. This behaves like this in all grants. Even more so, this is the behavior with every one of our SDKs, not just this SDK.

I believe the current example is focussing on password grant and refresh token, while the issue at hand is solely about access tokens being a JWT or not based on the existence of an audience. In case of a refresh token, it just follows the same structure as initially set without the refresh token.

Happy to merge a PR that adds a FAQ about "The access token isn't a JWT", with an explanation on audience without mentioning any grant specifically, but I believe the current example isn't something we want to merge.

I know this repo doesn't have a FAQ yet, but we can add a FAQ.md in the root, like we do here https://github.com/auth0/auth0-angular/blob/main/FAQ.md.
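
The review above ties the access token's format to whether an audience was present on the initial call. The following is an added example, not code from this PR or from node-auth0: a diagnostic that reports whether a token is a JWT or opaque and which `aud` it carries, without verifying the signature. The function names and both sample tokens are constructed for illustration.

```javascript
// Added example (not from the PR or the SDK). Diagnostic only: this inspects
// the token's shape and claims; it does NOT verify the signature.

// Decode one JWT segment. Returns the JSON object, or null if the segment is
// not unpadded base64url (RFC 7515) wrapping a JSON object.
function decodeSegment(segment) {
  // Buffer.from() silently skips invalid characters, so check the alphabet first.
  if (!/^[A-Za-z0-9_-]+$/.test(segment)) return null;
  try {
    const obj = JSON.parse(Buffer.from(segment, 'base64url').toString('utf8'));
    return obj !== null && typeof obj === 'object' && !Array.isArray(obj) ? obj : null;
  } catch {
    return null;
  }
}

// Classify an access token as 'jwt' or 'opaque' and list its audiences.
function describeAccessToken(token) {
  const parts = typeof token === 'string' ? token.split('.') : [];
  // A signed JWT in compact form is exactly header.payload.signature.
  if (parts.length !== 3) return { format: 'opaque' };
  const header = decodeSegment(parts[0]);
  const payload = decodeSegment(parts[1]);
  if (!header || typeof header.alg !== 'string' || !payload) {
    return { format: 'opaque' };
  }
  // `aud` may be a single string or an array of strings (RFC 7519).
  const audiences = payload.aud === undefined ? [] : [].concat(payload.aud);
  return { format: 'jwt', alg: header.alg, audiences };
}

// Constructed sample tokens; the signature segment is a dummy value.
function makeSampleJwt(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(payload)}.c2lnbmF0dXJl`;
}
const SAMPLE_JWT = makeSampleJwt({
  iss: 'https://tenant.example/',
  aud: 'https://api.example/',
});
const SAMPLE_OPAQUE = 'kXq3vB9tR2mZ8wLpD0aYcE5hNfU7sJ1g';

console.log(describeAccessToken(SAMPLE_JWT));
console.log(describeAccessToken(SAMPLE_OPAQUE));
```

Running it on both the initial token and a refreshed one shows whether the format was already opaque on the initial call.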
