Built-in cognito page does not return the refresh_token

[koorukuroo]

I love the cognito built-in login page, but it does not return the refresh_token
Of course, the option is that "response_type=token"

I can only have the following information using built-in page

• access_token
• id_token
• token_type
• expires_in

Why do not return the refresh_token?

[jiristanglica]

That's because you're using the Implicit grant. In order to get the refresh token, you would have to use the Authorization code grant (response_type=code).
Which one you choose depends on what kind of app are you building. You can read more on that on the auth0 docs page.

[koorukuroo]

Thank you so much @Izzy26 ! 👍
You solved all my problem.

I didn't know the role of 'code' value.

I refered this page https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html
and this issue amazon-archives/amazon-cognito-auth-js#52

[jiristanglica]

Glad to help :) Be careful though: if you are developing a javascript web app (SPA) that runs in the user's browser, using the Authorization code grant is not safe (as explained in the linked article in my previous post).

[jordanranz]

Thanks @Izzy26 for your help. I am going to go ahead and close this issue. Feel free to reopen if you have any related questions or concerns.

[github-actions]

This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels or Discussions for those types of questions.