The twoFactorLogin method for the typescript client doesn't return the refreshToken

eakpan

I setup my users to use MFA and have that working successfully but when they put in the code from the Authenticator app, they only get an access-token. The refresh-token is undefined.

Steps I have carried out

• The Application's Oauth setting has Generate refresh tokens enabled
• The Application's Jwt is enabled with Refresh token duration set
• The Tenant's Jwt is also enabled

In the code, I use the twoFactorLogin and I send the twoFactorId, applicationId, code and some eventInfo and iP./

Result

• Returns the user
• Returns the token
• Does not return the refreshToken

mark.robustelli

@eakpan would it be possible for you so share some of the code?

eakpan

@mark-robustelli

Here's how I use it in the code

const response = await this.fusionAuthClient.twoFactorLogin({
        applicationId,
        code,
        twoFactorId,
        ipAddress,
        metaData: {
          device: {
            name: deviceName,
            type: deviceType,
          },
        },
        eventInfo: {
          deviceName,
          deviceType,
          data: {
            deviceId,
          },
        },
      });
      if (!response.wasSuccessful()) {
        logger.error(
          { twoFactorId, deviceData, ipAddress },
          `Failed to verify the MFA, ${response.exception.message}`
        );
        return { type: 'failure', error: new VerifyMfaFailed() };
      }
      logger.info(
        { response: response.response },
        `The response from the two factor login`
      );

The response.response does not contain refreshToken at all from the logs

My application setup to show support for jwt and refresh

My OAuth settings in my application

mark.robustelli

@eakpan which FusionAuth client are you using?

eakpan

@mark-robustelli

I am using the typescript-client-library.

export const fusionAuthClient: FusionAuthClient = new FusionAuthClient(
  process.env.FUSION_AUTH_API_KEY!,
  process.env.FUSION_AUTH_URL!
);

mark.robustelli

@eakpan Have you tried using Postman (or something similar) to make the calls directly to the APIs and see if it behaves as you expect? If it does, then you might consider opening an issue in the typescript client repo. If it does not, you may want to open an issue with FusionAuth itself.

eakpan

@mark-robustelli Thanks. I'll do just that

eakpan

Just in case anyone gets stuck here, I had to go to the Admin UI -> Applications -> Security -> Enable refresh.

It wasn't very clear from the docs as I didn't expect that setting to be there. Would have made more sense if it was under JWT

mark.robustelli

@eakpan Awesome, thanks for posting. This may end up helping others. Glad you are able to configure FusionAuth to work for you.