OAuth2: offline_access field in scope is dropped

SOLVED
Go to solution
ShannonW79
Rookie
0 Votes

I am able to successfully go through the OAuth2 flows and retrieve a usable Access Token, but the response scope never includes offline_access even though I request it. I have tried this with many combinations, but here is an example:

 

Original Request:

https://authz.constantcontact.com/oauth2/default/v1/authorize?client_id=aaaaaaaa-aaaa-aaaa-aaaa-94827bd7038e&redirect_uri=https://localhost/servervariables.asp&response_type=token&scope=account_read+account_update+contact_data+campaign_data+offline_access&state=randomState_121&nonce=randomNonce_121

 

Note that the requested scope includes offline_access. The original redirect from the Authorization Request still looks good and includes all 5 scope fields - including offline_access:

 

https://identity.constantcontact.com/oauth2/aus1lm3ry9mF7x2Ja0h8/v1/authorize?client_id=aaaaaaaa-aaaa-aaaa-aaaa-94827bd7038e&redirect_uri=https://localhost/servervariables.asp&response_type=token&scope=account_read+account_update+contact_data+campaign_data+offline_access&state=randomState_121&nonce=randomNonce_121

 

But the ultimate response including the Access Token drops the offline_access field from the scope. The final response looks like this:

 

{
  "access_token" : (omitted),
  "token_type" : "Bearer",
  "expires_in" : 28800,
  "scope" : "account_read+account_update+campaign_data+contact_data",
  "state" : "randomState_121"
}

 

Any ideas what I am doing wrong? I want the offline_access field included in scope because I apparently need it to receive Refresh Tokens (which I also did not receive). Any help would be appreciated. Thanks in advance!

1 ACCEPTED SOLUTION
ShannonW79
Rookie
0 Votes

Figured this one out myself ... it turns out that (as the documentation states), the implicit flow does not work with Refresh Tokens (and presumably, with offline_access).

 

Changing the original request above from "response_type=token" to "response_type=code" made everything works as expected.

 

Hope this helps anyone else running into this issue!

View solution in original post

2 REPLIES 2
ShannonW79
Rookie
0 Votes

Figured this one out myself ... it turns out that (as the documentation states), the implicit flow does not work with Refresh Tokens (and presumably, with offline_access).

 

Changing the original request above from "response_type=token" to "response_type=code" made everything works as expected.

 

Hope this helps anyone else running into this issue!

Courtney_E
Moderator
0 Votes

Hello ShannonW79,

 

Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.

 

I'm glad to hear that you were able to resolve your issue!

 

Please let us know if you have any other questions!


Regards,

Courtney E.
Tier II API Support Engineer

Did I answer your question?
If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.
Resources
Developer Portal

View API documentation, code samples, get your API key.

Visit Page

Announcements

API Updates

Join our list to be notified of new features and updates to our V3 API.

Sign Up

Polls
How confident are you about the effectiveness of your current marketing strategy?

Top Choice: Not confident at all (62%)