Thank you.
I still don't understand why we don't provide a refresh token when using PKCE. The fact that we provide refresh token when using code authorization grant we should also provide it when using the PKCE extension.
I am guessing the answer is that you don't based on internal "non-standard" design and this isn't a bug. It's unfortunate the product does not officially support industry standard protocols like oAuth 2.0 or OpenID.
Original Message:
Sent: 05-09-2025 09:54
From: Jerome Saint-Marc
Subject: Missing refresh_token When Using S256 Code Challenge Method
I was referring to Authorization Code Grant as "legacy" (between quotes), from a Genesys Cloud standpoint, as this OAuth grant flow has been supported for a while. The support for OAuth PKCE Grant flow was added in Genesys Cloud a year and a half or two years ago.
I wrote "the one using the S256 code challenge method" to make a reference to the OAuth flow you were mentioning as you didn't specify what OAuth Grant flow it was apart from "I use challenge_code_method S256".
"Does this mean that your API supports other methods that will also include a refresh token?" No, Authorization Code Grant flow is the only one with refresh token support with Genesys Cloud. Supported OAuth grant flows are listed here.
Hope this clarifies.
Regards,
------------------------------
Jerome Saint-Marc
Senior Development Support Engineer
Original Message:
Sent: 05-09-2025 09:24
From: Mike Alhayek
Subject: Missing refresh_token When Using S256 Code Challenge Method
Hello,
I am having hard time making sense of that response.
First, PKCE is not a grant it is an extension to the authorization code grant which can't be legacy because it is currently the most secure way to authenticate. Now, you also mentions "the one using the S256 code challenge method". Does this mean that your API supports other methods that will also include a refresh token?
Thanks for your help!
------------------------------
Mike Alhayek
Title
Original Message:
Sent: 05-09-2025 03:47
From: Jerome Saint-Marc
Subject: Missing refresh_token When Using S256 Code Challenge Method
Hello,
Refreshing tokens is not supported with Genesys Cloud when using the PKCE Grant (the one using the S256 code challenge method)
It is only supported with the "legacy" Authorization Code Grant.
Regards,
------------------------------
Jerome Saint-Marc
Senior Development Support Engineer
Original Message:
Sent: 05-08-2025 15:59
From: Mike Alhayek
Subject: Missing refresh_token When Using S256 Code Challenge Method
I am trying to build authenticate into the servers. I can authenticate with no problem. However, when I use challenge_code_method S256 the server returns only access_token without refresh_token. It is strange to me that the refresh_token is not returned in this case.
Any idea why or more importantly, is there a work around on obtaining a refresh token when challenge_code_method is used?
#Integrations
------------------------------
Mike Alhayek
Title
------------------------------