I am able to successfully go through the OAuth2 flows and retrieve a usable Access Token, but the response scope never includes offline_access even though I request it. I have tried this with many combinations, but here is an example:

Original Request:

https://authz.constantcontact.com/oauth2/default/v1/authorize?client_id=aaaaaaaa-aaaa-aaaa-aaaa-94827bd7038e&redirect_uri=https://localhost/servervariables.asp&response_type=token&scope=account_read+account_update+contact_data+campaign_data+offline_access&state=randomState_121&nonce=randomNonce_121

Note that the requested scope includes offline_access. The original redirect from the Authorization Request still looks good and includes all 5 scope fields - including offline_access:

https://identity.constantcontact.com/oauth2/aus1lm3ry9mF7x2Ja0h8/v1/authorize?client_id=aaaaaaaa-aaaa-aaaa-aaaa-94827bd7038e&redirect_uri=https://localhost/servervariables.asp&response_type=token&scope=account_read+account_update+contact_data+campaign_data+offline_access&state=randomState_121&nonce=randomNonce_121

But the ultimate response including the Access Token drops the offline_access field from the scope. The final response looks like this:

{
  "access_token" : (omitted),
  "token_type" : "Bearer",
  "expires_in" : 28800,
  "scope" : "account_read+account_update+campaign_data+contact_data",
  "state" : "randomState_121"
}

Any ideas what I am doing wrong? I want the offline_access field included in scope because I apparently need it to receive Refresh Tokens (which I also did not receive). Any help would be appreciated. Thanks in advance!
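
An added example, not part of the original post and not Constant Contact's code: a small check that compares the scopes requested in the authorize URL with the scopes in the token response and reports which grant type the request used. The helper name `diagnose` and the sample constants are constructed for illustration; the one outside fact it relies on is RFC 6749 section 4.2.2, which says the implicit grant (response_type=token) must not issue a refresh token.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample input, modelled on the request and response quoted in the post.
AUTHORIZE_URL = (
    "https://authz.constantcontact.com/oauth2/default/v1/authorize"
    "?client_id=aaaaaaaa-aaaa-aaaa-aaaa-94827bd7038e"
    "&redirect_uri=https://localhost/servervariables.asp"
    "&response_type=token"
    "&scope=account_read+account_update+contact_data+campaign_data+offline_access"
    "&state=randomState_121&nonce=randomNonce_121"
)
TOKEN_RESPONSE = {
    "token_type": "Bearer",
    "expires_in": 28800,
    "scope": "account_read+account_update+campaign_data+contact_data",
    "state": "randomState_121",
}


def split_scopes(value):
    """Scopes are space-delimited; a '+' is a space that was left undecoded."""
    return set(value.replace("+", " ").split())


def diagnose(authorize_url, token_response):
    """Hypothetical helper: compare requested and granted scopes for one flow."""
    query = parse_qs(urlsplit(authorize_url).query)
    response_types = set(query.get("response_type", [""])[0].split())
    requested = split_scopes(query.get("scope", [""])[0])
    granted = split_scopes(token_response.get("scope", ""))
    return {
        "dropped": sorted(requested - granted),
        "unrequested": sorted(granted - requested),
        # RFC 6749 section 4.2.2: the implicit grant must not return a refresh token.
        "implicit_grant": "token" in response_types and "code" not in response_types,
        "refresh_token_present": "refresh_token" in token_response,
        # The returned state must equal the one sent, or the response is not ours.
        "state_matches": query.get("state", [None])[0] == token_response.get("state"),
    }


if __name__ == "__main__":
    for key, value in diagnose(AUTHORIZE_URL, TOKEN_RESPONSE).items():
        print(f"{key}: {value}")
```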