From the documentation I think that the answer is yes:

OAuth 2.0 User-Agent Flow for Desktop or Mobile App Integration (salesforce.com)

But if I try I can't get it.

I have developed a web application that allows any user to connect with its salesforce account.
I've implemented User Agent Flow and I obtain correctly access_token and other info but I can't obtain refresh_token, even if I have the correct scopes (api, web, refresh_token, offline_access).

This is my request:
https://login.salesforce.com/services/oauth2/authorize?response_type=token&scope=refresh_token&client_id=[MY_CLIENT_ID]&redirect_uri=[MY_REDIRECT_URL]

And my redirect URL is: 
http://[MYSITE].com/#/services/oauth2/success

(that corresponds to the host from where I make the call)
This call correctly gives me access_token but not refresh_token.
If I use "https" instead "http" I receive this error:

error=invalid_scope&error_description=the requested scope is not available

From the documentation, I read that 
"The refresh token for the user-agent flow is only issued if you requested scope=refresh_token and one of the following scenarios is true:
....
- The redirect URL host matches the request host and includes the servlet services/oauth2/success.
..."

I think to be in this case, what am I doing wrong?
Thanks in advance

Is it possible to create other users in developer organization and let them see accounts and other data?
I am developing a platform that integrates with Salesforce, but I don't want to share my dev credentials with other test users.
I can correctly create users but when they try to login they receive an error.

I have developed a web application that allows any user to connect with its salesforce account. I've implemented User Agent Flow and I obtain correctly access_token and other info but I can't obtain refresh_token, even if I have the correct scopes (api, web, refresh_token, offline_access).

This is my request:

https://login.salesforce.com/services/oauth2/authorize?response_type=token&scope=refresh_token&client_id=[MY_CLIENT_ID]&redirect_uri=[MY_REDIRECT_URL]

And my redirect URL is: 

http://[MYSITE].com/#/services/oauth2/success

(that corresponds to the host from where I make the call)

This call correctly gives me access_token but not refresh_token.

if I use "https" instead "http" I receive this error:
error=invalid_scope&error_description=the requested scope is not available

From the documentation, I read that 

"The refresh token for the user-agent flow is only issued if you requested scope=refresh_token and one of the following scenarios is true:

....

- The redirect URL host matches the request host and includes the servlet services/oauth2/success.

..."

I think to be in this case, what am I doing wrong?

Thanks in advance

 

From the documentation I think that the answer is yes:

OAuth 2.0 User-Agent Flow for Desktop or Mobile App Integration (salesforce.com)

But if I try I can't get it.

I have developed a web application that allows any user to connect with its salesforce account.
I've implemented User Agent Flow and I obtain correctly access_token and other info but I can't obtain refresh_token, even if I have the correct scopes (api, web, refresh_token, offline_access).

This is my request:
https://login.salesforce.com/services/oauth2/authorize?response_type=token&scope=refresh_token&client_id=[MY_CLIENT_ID]&redirect_uri=[MY_REDIRECT_URL]

And my redirect URL is: 
http://[MYSITE].com/#/services/oauth2/success

(that corresponds to the host from where I make the call)
This call correctly gives me access_token but not refresh_token.
If I use "https" instead "http" I receive this error:

error=invalid_scope&error_description=the requested scope is not available

From the documentation, I read that 
"The refresh token for the user-agent flow is only issued if you requested scope=refresh_token and one of the following scenarios is true:
....
- The redirect URL host matches the request host and includes the servlet services/oauth2/success.
..."

I think to be in this case, what am I doing wrong?
Thanks in advance

Is it possible to create other users in developer organization and let them see accounts and other data?
I am developing a platform that integrates with Salesforce, but I don't want to share my dev credentials with other test users.
I can correctly create users but when they try to login they receive an error.

I have developed a web application that allows any user to connect with its salesforce account. I've implemented User Agent Flow and I obtain correctly access_token and other info but I can't obtain refresh_token, even if I have the correct scopes (api, web, refresh_token, offline_access).

This is my request:

https://login.salesforce.com/services/oauth2/authorize?response_type=token&scope=refresh_token&client_id=[MY_CLIENT_ID]&redirect_uri=[MY_REDIRECT_URL]

And my redirect URL is: 

http://[MYSITE].com/#/services/oauth2/success

(that corresponds to the host from where I make the call)

This call correctly gives me access_token but not refresh_token.

if I use "https" instead "http" I receive this error:
error=invalid_scope&error_description=the requested scope is not available

From the documentation, I read that 

"The refresh token for the user-agent flow is only issued if you requested scope=refresh_token and one of the following scenarios is true:

....

- The redirect URL host matches the request host and includes the servlet services/oauth2/success.

..."

I think to be in this case, what am I doing wrong?

Thanks in advance