From 1445f01ea84d1c11c8ef5d29fa0fe3c2ba038001 Mon Sep 17 00:00:00 2001
From: Joe <schoolyd@teamschoolyd.org>
Date: Thu, 5 Sep 2024 20:02:13 -0500
Subject: [PATCH] Support refresh tokens by adding "offline_access" scope. Add
 instructions for enabling Refresh Token grant type during app setup.

---
 README.md                               | 1 +
 custom-login/src/app/app.config.ts      | 2 +-
 okta-hosted-login/src/app/app.config.ts | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 3d02bea4..f0765c0e 100644
--- a/README.md
+++ b/README.md
@@ -12,6 +12,7 @@ Register your application by selecting **Applications** > **Add Application**. O
 
 On the following screen, edit the application settings. For these sample applications we are using port number 8080. Configure your app as follows:
 
+* Avoid third-party cookies by enabling the `Refresh Token` grant type under **General Settings > Grant type > Core grants > Refresh Token**.
 * **Base URI**: `http://localhost:8080`
 * **Login redirect URI**: `http://localhost:8080/login/callback` 
 * **Logout redirect URI**: `http://localhost:8080` 
diff --git a/custom-login/src/app/app.config.ts b/custom-login/src/app/app.config.ts
index 80bb03cb..ee529e4c 100644
--- a/custom-login/src/app/app.config.ts
+++ b/custom-login/src/app/app.config.ts
@@ -6,7 +6,7 @@ export default {
     clientId: `${CLIENT_ID}`,
     issuer: `${ISSUER}`,
     redirectUri: 'http://localhost:8080/login/callback',
-    scopes: ['openid', 'profile', 'email'],
+    scopes: ['openid', 'profile', 'email', 'offline_access'],
     testing: {
       disableHttpsCheck: `${OKTA_TESTING_DISABLEHTTPSCHECK}`
     },
diff --git a/okta-hosted-login/src/app/app.config.ts b/okta-hosted-login/src/app/app.config.ts
index 38f08220..a4e7fddd 100644
--- a/okta-hosted-login/src/app/app.config.ts
+++ b/okta-hosted-login/src/app/app.config.ts
@@ -5,7 +5,7 @@ export default {
     clientId: `${CLIENT_ID}`,
     issuer: `${ISSUER}`,
     redirectUri: 'http://localhost:8080/login/callback',
-    scopes: ['openid', 'profile', 'email'],
+    scopes: ['openid', 'profile', 'email', 'offline_access'],
     pkce: true,
     testing: {
       disableHttpsCheck: `${OKTA_TESTING_DISABLEHTTPSCHECK}`