markau

Reputation: 922

Azure Mobile App, Cordova client, Azure AD - refresh tokens?

This stack is shaping up to be perfect for our use case:

The missing piece of the puzzle for me is the ability to silently obtain a refresh token. Can the Token Store take care of this for me? Or is there a supported method of doing this either with the Cordova plugin, or in the C# backend?

I mean, the inappbrowser caches credentials, so it's not like the users have to type a password again, but still, the window pops up and it would look a bit more polished if it was silent.

Thank you.

Upvotes: 0

Views: 192

Answers (1)

Chris Gillum

Reputation: 15042

This is currently a little more tricky for Azure AD compared to the other providers. As a starter, I recommend you check out this blog post: http://cgillum.tech/2016/03/25/app-service-auth-aad-graph-api/

It describes how to set up your mobile app backend to allow it to access the graph API on behalf of the user. Specifically, the following steps are required:

  • Set clientSecret (a string property) to the key value that was generated in the Azure AD portal.
  • Set additionalLoginParams to the following: (This is a JSON array value)
    ["response_type=code id_token", "resource=https://graph.windows.net"]

I assume this might be useful for your app anyways since you're checking security group memberships? If you'd rather not do that, then you can remove the "resource=https://graph.windows.net" parameter.

In any case, as a side effect of following these instructions, you will start receiving refresh tokens for each logged-in user, which you can use to support silent token refresh in your Cordova client.

Upvotes: 1
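
A client-side sketch of the silent refresh the answer refers to, added here as an example and not taken from the original answer or the linked blog post. It assumes the backend uses App Service Authentication with its `/.auth/refresh` endpoint and the `X-ZUMO-AUTH` session header; the function names and the response shape noted in the comments are illustrative assumptions.

```javascript
// Added example; function names are illustrative, not from the answer.
// Assumption: App Service Authentication exposes GET /.auth/refresh and
// accepts the mobile session token in the X-ZUMO-AUTH header.

// Read the exp claim (seconds since epoch) from a JWT payload.
// No signature check: used only to schedule a refresh, never for trust.
function jwtExpiry(token) {
  const payload = String(token).split('.')[1];
  if (!payload) throw new Error('not a JWT');
  const b64 = payload.replace(/-/g, '+').replace(/_/g, '/');
  const json = typeof atob === 'function'
    ? atob(b64)                                    // Cordova WebView
    : Buffer.from(b64, 'base64').toString('utf8'); // Node fallback
  return JSON.parse(json).exp;
}

// True when the session token expires within skewSec seconds.
function needsRefresh(token, nowSec, skewSec = 300) {
  return jwtExpiry(token) - nowSec <= skewSec;
}

// Ask the backend to redeem the stored refresh token. Never log the tokens.
async function refreshSession(baseUrl, sessionToken, fetchFn = fetch) {
  const res = await fetchFn(baseUrl + '/.auth/refresh', {
    method: 'GET',
    headers: { 'X-ZUMO-AUTH': sessionToken },
  });
  // Handled here as "no usable refresh token": fall back to the
  // interactive login window instead of retrying.
  if (res.status === 401 || res.status === 403) {
    return { ok: false, reason: 'interactive-login-required' };
  }
  if (!res.ok) return { ok: false, reason: 'http-' + res.status };
  // Assumed response shape: { authenticationToken: "<new session token>" }
  const body = await res.json();
  if (!body.authenticationToken) return { ok: false, reason: 'no-token' };
  return { ok: true, token: body.authenticationToken };
}
```

Call `needsRefresh` before each API request and replace the stored session token only when `refreshSession` returns `ok: true`; any other result should route the user back through the normal login window.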
