Outlook Office 365 : Refresh token failed to retrieve because "AADSTS70000" the provided value for the 'code' parameter is not valid

Question

In below code I can retrieve refresh token successfully from email@company.com email addresses. However, when I try to login with email@outlook.com it doesn't give the refresh token instead it returns this response.

Response:

{
  "error": "invalid_grant",
  "error_description": "AADSTS70000: The provided value for the 'code' parameter is not valid. The code has expired.\r\nTrace ID: ...\r\nCorrelation ID: ...\r\nTimestamp: 2016-05-19 10:13:05Z",
  "error_codes": [
    70000
  ],
  "timestamp": "2016-05-19 10:13:05Z",
  "trace_id": "8cceb393-....",
  "correlation_id": "5227de8...."
}

Code:

 private async Task<string> GetRefreshRoken(string authCode, string onSuccessRedirectUri) {
        var client = new HttpClient();
        var parameters = new Dictionary<string, string>
       {
          {"client_id", _clientId},
          {"client_secret", _clientSecret},
          {"code",authCode }, // what retreived from //https://login.microsoftonline.com/common with authroization.
          {"redirect_uri",  onSuccessRedirectUri}, //http://localhost:27592/Home/Authorize
          {"grant_type","authorization_code" }
       };
        var content = new FormUrlEncodedContent(parameters);
        var response = await client.PostAsync("https://login.microsoftonline.com/common/oauth2/v2.0/token", content);
        var tokensJsonString = await response.Content.ReadAsStringAsync();
        dynamic token = Newtonsoft.Json.JsonConvert.DeserializeObject(tokensJsonString);
        return token.refresh_token;
    }

So I had googled with the error number and found http://www.matvelloso.com/2015/01/30/troubleshooting-common-azure-active-directory-errors/ page where the error describes:

Then I had changed my redirecting url to "http://localhost:27592/Home/Authorize/". Since I am using this https://dev.outlook.com/restapi/tutorial/dotnet tutorial as a reference , now I cannot login with any other account.

Is there any good approach to retrieve refresh tokens for outlook account?

Answer 1

For windows live id account, you will get error "The provided value for the 'code' parameter is not valid. The code has expired." when using the authorization code twice.

The correct way to refresh the token is using refresh token (v2.0 token reference > Refresh Token).

First, ensure you have declare the scope "offline_access".

Then, you will get the access_token when acquire the token using grant_type=code (the first time you acquire the token).

Next, you need to use grant_type=refresh_token to refresh your access token.