Orchestrator API OAuth2 - Get refresh token for confidential application


I’m trying to follow the documentation to authorize my external application with the Orchestrator.

The request to get the access token was simple and I got the following result:

    "access_token": "ey....",
    "expires_in": 3600,
    "token_type": "Bearer",
    "scope": "OR.BackgroundTasks.Read OR.Execution.Read OR.Folders.Read OR.Jobs.Read OR.Machines.Read OR.Robots.Read OR.Settings.Read OR.Tasks.Read OR.Users.Read"

This token is only valid for 1 hour so I want to exchange it for a refresh token.

To quote the documentation:

Access tokens expire in one hour. The external application can get a new access token without user interaction by exchanging a refresh token for it.
Refresh tokens are also valid for only one use and they expire after 60 days.

To do so, they must include offline_access in the scope parameter of the authorize request so that the authorization code can be used in a token request to get a refresh token.

If I understand this correctly, I have to send exactly the same request as before, but add offline_access to the scope.

Unfortunately, when I do that I’ll receive the following response:

    "error": "invalid_scope"

Does anyone know what’s going on?


May I know how it was mentioned along the scope


This is my scope:

OR.Tasks.Read OR.BackgroundTasks.Read OR.Folders.Read OR.Settings.Read OR.Robots.Read OR.Machines.Read OR.Execution.Read OR.Users.Read OR.Jobs.Read offline_access

Edit: Just to make sure there’s no misunderstanding, I’m not trying to get refresh tokens for Microsoft, but the UiPath Orchestrator. Although since it’s all based on the OAuth2 specification, it should be the same.