Hi there. Are you using the Logto React Native (Expo) SDK for your Expo client? I've tested it briefly with the sample project provided under the SDK and it functions as expected.

Also, you could check the initial authorization request to see whether the offline_access scope is properly sent.

from logto.

Hi, no we are not using Logto SDK as we needed to implement some additional logic on the client side. We do it based on Expo's Auth Session library. But I did however test on postman. I have shared my request and response in the main description

from logto.

For reference, I'm attaching postman screenshots.

Request

Response

from logto.

Can you share the authorization request body as well? The /oidc/auth endpoint. Just to make sure the offline_access scope is included in the auth request not just the following token exchange request.

from logto.

I have created a demo app for your to test.

Here is the auth endpoint called by the app:

https://nci2y1.logto.app/oidc/auth?code_challenge=wqjinZnJvRaB2DZzgVZBu_mkQZ0xKRtvtY-UYfFu83o&code_challenge_method=S256&redirect_uri=http%3A%2F%2Flocalhost%3A19007&client_id=wee3ntpyuq5nq7tsmts8g&response_type=code&state=lUmeHNgNAL&scope=openid%20profile%20email%20offline_access

Response from auth endpoint

{
  "type": "success",
  "error": null,
  "url": "http://localhost:19007/?code=RfgnYkG8LoILR_xmW-LqLkvHUDBJMS1X-0jfNYbp1bM&state=lUmeHNgNAL&iss=https%3A%2F%2Fnci2y1.logto.app%2Foidc",
  "params": {
    "code": "RfgnYkG8LoILR_xmW-LqLkvHUDBJMS1X-0jfNYbp1bM",
    "state": "lUmeHNgNAL",
    "iss": "https://nci2y1.logto.app/oidc"
  },
  "authentication": null,
  "errorCode": null
}

Payload for token endpoint

grant_type=authorization_code&client_id=wee3ntpyuq5nq7tsmts8g&scope=openid%20profile%20email%20offline_access&code_verifier=UZYnfbGahiCPPH5MDQJcFSK6rs9f9MEUJIkI7rPcHs9Zva1Pr3lj1UDnmC8mqKv7bHY1VXeBCz4Nk8mMV1DK7ICgVlYAXZdrwEQJ73affMNOUpeu1WAWheBlG9WK51zB&redirect_uri=http%3A%2F%2Flocalhost%3A19007&code=fPivx0McMsy9_g3oe5DBXq19af-6JuvNsD9neNXqpmS

Token Endpoint Response

{
  "accessToken": "uXQBIl7Vw91Hjy_iJBzusMNLiGqJmbKnQVufsGcID0n",
  "tokenType": "Bearer",
  "expiresIn": 3600,
  "scope": "openid profile email",
  "idToken": "eyJhbGciOiJFUzM4NCIsInR5cCI6IkpXVCIsImtpZCI6InBWUnAtZUFZSlRGRm5RaGsweF9xZFJRTjVpR05LM1JTbUdKc0E5QzFHRDAifQ.eyJzdWIiOiJlcnRiZmluNHJmb2IiLCJuYW1lIjpudWxsLCJwaWN0dXJlIjpudWxsLCJ1cGRhdGVkX2F0IjoxNzEyOTE3ODE2MzE1LCJ1c2VybmFtZSI6InRlc3QiLCJjcmVhdGVkX2F0IjoxNzAyMzk0NjAyMjY2LCJlbWFpbCI6InRlc3RAdGVzdC5jb20iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiYXRfaGFzaCI6IkNVem9uaTRuWWxKRGw3WVpVSGVDTFh0b21sVGNhMlduIiwiYXVkIjoid2VlM250cHl1cTVucTd0c210czhnIiwiZXhwIjoxNzEyOTIzODYwLCJpYXQiOjE3MTI5MjAyNjAsImlzcyI6Imh0dHBzOi8vbmNpMnkxLmxvZ3RvLmFwcC9vaWRjIn0.ztfzH-P4ThnloMTMHDnqSm52IA56SOfd6jIra3piBC3dSjgpObaBT6eeLTOiaNmv0sd0KgJYoaxVis6NsyicFp6Cqh7cjTWFvxMydiT7e0VU7j7BJre88r15gCsgRiLM",
  "issuedAt": 1712920260
}

How to reproduce?

I have created a demo app here: https://github.com/artalat/expo-logto

Here are the credentials to test:

Username: test
Password: hYh2IOn-

Command to run in browser yarn web

from logto.

I see. Looks like the prompt parameter is missing from the auth request. Please check the specs.
Could you add a prompt=consent at your auth request, and try again?

from logto.

Yes that was the problem. Adding prompt solved the issue. I have updated the example repo for future reference.

Thanks for your help.

from logto.