- Issue created by @TrevorBradley
- Status changed to Fixed
about 2 years ago 7:02am 9 June 2023 - 🇳🇱Netherlands bojan_dev
Refresh tokens are optional, you can enable it on the consumer entity under the grant types (/admin/config/services/consumer). Scopes can now be specific for grant types, so you will need to enable the "Refresh token" grant type as well on the associated scopes (/admin/config/people/simple_oauth/oauth2_scope/dynamic). If you have more questions, feel free to reach out.
- 🇨🇦Canada TrevorBradley
I see where Refresh Token can be enabled on both the Consumer entity and the Scope. However, I thought this was about *accepting* the refresh token, rather than *generating* one as part of the Client Credentials authorization. I'm still only getting access_tokens from /oauth/token, no matter how I seem to configure the consumer or scope.
Do I need to parameterize the request to /oauth/token in some way to get it to generate a refresh_token alongside my access_token? Right now I'm just passing in client_id, grant_type (set to client_credentials for now), and scope (although that's optional, it will use the default if I don't).
Obviously using grant_type = refresh_token is incorrect here - I need the refresh token before I can use it.
- Status changed to Active
about 2 years ago 6:20pm 9 June 2023 - 🇨🇦Canada TrevorBradley
I'm pretty sure a client_credentials request doesn't generate refresh tokens. vendor/league/oauth2-server/src/Grant/ClientCredentialsGrant.php::respondToAccessTokenRequest() only generates Access Tokens. By comparison, AuthCodeGrant seems to generate both AccessToken and Refresh Tokens.
Let me ditch Client Credentials and try to get Authorization Codes working.
- 🇨🇦Canada TrevorBradley
Verified - Once I figured out the dance of the authorization code flow - a grant_type:authorization_code correctly returns a refresh_token, but a simple client_credentials does not. Presumably because "Client Credentials" are about the credentials of an app, rather than being the credentials of a user. Simple clients don't need refresh tokens.
- Status changed to Fixed
about 2 years ago 10:08pm 9 June 2023 Automatically closed - issue fixed for 2 weeks with no activity.
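
The outcome of this thread from the client's side, as an added example that is not part of the original issue or of the simple_oauth project: how a client chooses its renewal request to /oauth/token depending on the grant it originally used. The function names, the `client_secret` field, the 30-second skew and the sample responses are assumptions constructed for illustration.

```python
from urllib.parse import urlencode

# Constructed sample token responses (illustrative values, not captured output).
CLIENT_CREDENTIALS_RESPONSE = {
    "token_type": "Bearer",
    "expires_in": 300,
    "access_token": "constructed-access-token-1",
}
AUTHORIZATION_CODE_RESPONSE = {
    "token_type": "Bearer",
    "expires_in": 300,
    "access_token": "constructed-access-token-2",
    "refresh_token": "constructed-refresh-token-2",
}


class ReauthorizationRequired(Exception):
    """The user has to go through the authorization code flow again."""


def needs_renewal(issued_at, response, now, skew=30):
    """True once the access token is within `skew` seconds of expiring."""
    return now >= issued_at + response["expires_in"] - skew


def renewal_request(original_grant, response, client_id, client_secret, scope=None):
    """Form fields to POST to /oauth/token to replace an expiring access token."""
    fields = {"client_id": client_id, "client_secret": client_secret}
    if original_grant == "client_credentials":
        # No refresh_token was issued: the app repeats its original request.
        fields["grant_type"] = "client_credentials"
    elif response.get("refresh_token"):
        fields["grant_type"] = "refresh_token"
        fields["refresh_token"] = response["refresh_token"]
    else:
        # e.g. "Refresh token" grant not enabled on the consumer or scope.
        raise ReauthorizationRequired(original_grant)
    if scope:
        fields["scope"] = scope
    return fields


def encode_body(fields):
    """application/x-www-form-urlencoded body for the token request."""
    return urlencode(fields)
```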