Reputation: 51
I have a question about how to get and then use a refresh token when accessing a Microsoft Azure Mobile service that has been secured.
I am building a mobile app and right now have the basics of this working. I can authenticate against Azure AD and Windows account (will add a few more later), all provided by Azure Mobile Services. To do this I use the Mobile client and mobile service user. I can then store the login ticket on Windows Phone 8 and iOS. I will add Android when I figure out the keychain in Android. But what I need to figure out is how to get a refresh token and then what to do with it. Right now my logins expire after 1 hour.
Upvotes: 2
Views: 988
Reputation: 51
I found the answer to this when Microsoft added it. I found the post to be very helpful:
http://cgillum.tech/2016/03/07/app-service-token-store/
This is the main bit of the post:
Refreshing Tokens
An important detail about using access tokens is that most of them will eventually expire. Some providers, like Facebook, have access tokens which expire after 60 days. Other providers, like Azure AD, Microsoft Account, and Google, issue access tokens which expire in 1 hour. In all cases, a fresh set of tokens can be obtained by forcing the user to re-authenticate. This is reasonable for Facebook since a re-auth would only need to happen once every 60 days. However, this is not practical for Azure AD, Microsoft Account, and Google, where the token expiration is 1 hour.
To avoid the need to re-authenticate the user to get a new access token, you can instead issue an authenticated GET request to the /.auth/refresh endpoint of your application. This is a built-in endpoint, just like /.auth/me. When called, the Easy Auth module will automatically refresh the access tokens in the token store for the authenticated user. Subsequent requests for tokens by your app code will then get the most up-to-date tokens. In order for this to work, the token store must contain refresh tokens for your provider. If you’re not familiar with how to do this, here are some hints:
Google: Append an "access_type=offline" query string parameter to your /.auth/login API call (if using the Mobile Apps SDK, you can add this to one of the LoginAsync overloads).
Microsoft Account: Select the wl.offline_access scope in the Azure management portal.
Since this has been added I have been able to work with Microsoft account and refresh as I need to.
Upvotes: 2
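The refresh flow the answer quotes, as an added example that is not code from the question, the answer, or the cgillum.tech post: a small client that reads the provider access token and its expiry from /.auth/me, calls GET /.auth/refresh when the token is close to expiring, and treats a 401/403 from the refresh endpoint as "the session or refresh token is gone, send the user back through login". It assumes the App Service session token is sent in the X-ZUMO-AUTH header (the header the Mobile Apps SDK uses), that /.auth/me returns a JSON array of provider entries with access_token and expires_on fields, and a placeholder base URL; the FakeEasyAuth transport is constructed for offline testing only.

```python
import json
import urllib.error
import urllib.request
from datetime import datetime, timedelta, timezone
from typing import Callable, Tuple

# Placeholder app URL (assumption, not from the original post).
BASE_URL = "https://example-app.azurewebsites.net"
# Refresh a little early so in-flight calls do not fail on an expired token.
REFRESH_MARGIN = timedelta(minutes=5)

# Transport signature: (url, headers) -> (status_code, body_bytes)
HttpGet = Callable[[str, dict], Tuple[int, bytes]]


def urllib_get(url: str, headers: dict) -> Tuple[int, bytes]:
    """Real transport using the standard library; returns error statuses instead of raising."""
    req = urllib.request.Request(url, headers=headers, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def parse_expires_on(value: str) -> datetime:
    """expires_on is an ISO-8601 timestamp; normalise a trailing 'Z' to an explicit offset."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def needs_refresh(expires_on: datetime, now: datetime = None) -> bool:
    """True when the provider token expires within REFRESH_MARGIN."""
    now = now or datetime.now(timezone.utc)
    return expires_on - now <= REFRESH_MARGIN


def fetch_provider_token(base_url: str, zumo_token: str, http_get: HttpGet = urllib_get):
    """Read the current provider access token and expiry from the token store via /.auth/me."""
    status, body = http_get(base_url + "/.auth/me", {"X-ZUMO-AUTH": zumo_token})
    if status != 200:
        raise PermissionError(f"/.auth/me returned {status}: app session is not valid")
    entry = json.loads(body)[0]  # first (usually only) provider entry
    return entry["access_token"], parse_expires_on(entry["expires_on"])


def refresh_provider_token(base_url: str, zumo_token: str, http_get: HttpGet = urllib_get) -> bool:
    """Ask Easy Auth to refresh the stored provider tokens. False means re-login is required."""
    status, _ = http_get(base_url + "/.auth/refresh", {"X-ZUMO-AUTH": zumo_token})
    if status == 200:
        return True
    if status in (401, 403):
        # 401: app session expired; 403: no refresh token in the store (offline scope missing).
        return False
    raise RuntimeError(f"/.auth/refresh returned unexpected status {status}")


def get_fresh_access_token(base_url: str, zumo_token: str,
                           http_get: HttpGet = urllib_get, now: datetime = None):
    """Return (access_token, was_refreshed); raise PermissionError if the user must log in again."""
    token, expires_on = fetch_provider_token(base_url, zumo_token, http_get)
    if not needs_refresh(expires_on, now):
        return token, False
    if not refresh_provider_token(base_url, zumo_token, http_get):
        raise PermissionError("token store could not be refreshed; re-authentication required")
    token, _ = fetch_provider_token(base_url, zumo_token, http_get)
    return token, True


class FakeEasyAuth:
    """Constructed stand-in for the /.auth endpoints so the flow can run offline (test only)."""

    def __init__(self, now: datetime, has_refresh_token: bool = True):
        self.now = now
        self.has_refresh_token = has_refresh_token
        self.access_token = "provider-token-old"
        self.expires_on = now + timedelta(minutes=2)  # about to expire
        self.refresh_calls = 0

    def __call__(self, url: str, headers: dict) -> Tuple[int, bytes]:
        if headers.get("X-ZUMO-AUTH") != "valid-zumo-token":
            return 401, b""
        if url.endswith("/.auth/me"):
            body = [{"provider_name": "microsoftaccount",
                     "access_token": self.access_token,
                     "expires_on": self.expires_on.isoformat()}]
            return 200, json.dumps(body).encode()
        if url.endswith("/.auth/refresh"):
            self.refresh_calls += 1
            if not self.has_refresh_token:
                return 403, b"no refresh token in token store"
            self.access_token = "provider-token-new"
            self.expires_on = self.now + timedelta(hours=1)
            return 200, b""
        return 404, b""


if __name__ == "__main__":
    now = datetime(2016, 3, 7, 12, 0, tzinfo=timezone.utc)
    token, refreshed = get_fresh_access_token(BASE_URL, "valid-zumo-token", FakeEasyAuth(now), now)
    print(token, refreshed)
```

Against a real app, replace the fake with the default urllib transport and pass the session token the Mobile Apps SDK hands back after login; the 403 branch is the one you hit when the provider was never asked for a refresh token (the access_type=offline or wl.offline_access setup the post describes), so it is worth logging distinctly from a plain expired session.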