'offline_access' value in scope using openid for getting refresh token from B2C Azure Active Directory is not working

Question

I am trying to implement authentication with Azure B2C Active Directory. Everything is working fine I can login and get the access_token from the B2C active directory with particular policy. But when I try to pass value "offline_access" in scope inside login url for getting the refresh toke it returns a error message and I cannot login. I am using ADAL (Azure Directory Authentication Library) of Angular 5 to authenticate to Azure AD.

Here is image my angular ADAL configuration codes

Here is the image of issue I am getting when trying to pass "offline_access" value in scope inside url

complete error message:

http://localhost:4200/dashboard#error=invalid_request&error_description=AADB2C90012%253a+The+scope+'openid+offline_access'+provided+in+request+is+not+supported.%0D%0ACorrelation+ID%253a+05f9f8b0-a8a0-4fdc-9cca-50a4e81a929c%0D%0ATimestamp%253a+2018-01-17+04%253a35%253a36Z%0D%0A&state=a878cc7f-6d87-47e6-9965-d2536aa06ea6

Am I missing something here? Or there is another way to get the refresh token ?

Answer 1

Firstly, you should use the Azure AD v2.0 Authentication Library -- otherwise known as MSAL -- rather than use the Azure AD v1.0 Authentication Library -- otherwise known as ADAL -- with Azure AD B2C.

Secondly, for a single-page application, Azure AD B2C doesn't issue a refresh token.

Instead, as described at Azure AD B2C: Single-page app sign-in by using OAuth 2.0 implicit flow > Refresh tokens, the single-page application must refresh the ID and access tokens using a hidden iframe.

This token refresh is handled by MSAL.