invalid_scope Error (400) When Using Refresh Token
βUnsolvedβQuestionπͺ²Bugs
Hey everyone! We're running into an issue with refresh tokens in our Angular application and could use some help.
Problem:
When the automatic silent refresh is triggered, we're getting a 400 error with:
error: "invalid_scope"
Setup:
We're using the Angular OIDC client with automatic silent refresh:
Token Request Payload:
`
What We've Tried:
Enabled "Refresh Token" in the App settings
Followed the Zitadel Angular example setup
Questions:
Are there specific scopes that shouldn't be included in a refresh token request?
Do we need to configure the allowed scopes differently in the application settings?
Is there a mismatch between the initial auth scopes and refresh scopes?
Any guidance would be greatly appreciated!
Problem:
When the automatic silent refresh is triggered, we're getting a 400 error with:
error: "invalid_scope"
Setup:
We're using the Angular OIDC client with automatic silent refresh:
Token Request Payload:
`
What We've Tried:
Enabled "Refresh Token" in the App settings Followed the Zitadel Angular example setupQuestions:
Are there specific scopes that shouldn't be included in a refresh token request?
Do we need to configure the allowed scopes differently in the application settings?
Is there a mismatch between the initial auth scopes and refresh scopes?
Any guidance would be greatly appreciated!
