Reputation: 194
I'm requesting a user's info via Microsoft Graph. I use the 2.0 endpoint.
This is my login function:
    login() {
      hello('msft').login({scope: Configs.scope}).then(
        () => {
          this.zone.run(() => {
            this.meService.getMe().subscribe(data => {
                localStorage.setItem('username', data.mail);
                localStorage.setItem('jobtitle', data.jobTitle);
                localStorage.setItem('loggedin', 'yes');
              },
              err => {
                console.log(err);
              },
              () => {
                this.router.navigate(['/home']);
              });
          });
        },
        e => console.error(e.error.message)
      );
    }
This is my init function:
    initAuth() {
      this.redirect_uri = window.location.href;
      hello.init({
          msft: {
            id: Configs.appId,
            oauth: {
              version: 2,
              auth: 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize'
            },
            scope_delim: ' ',
            form: false
          },
        },
        {redirect_uri: window.location.href}
      );
    }
And here I am getting the access token:
    getAccessToken() {
      const msft = hello('msft').getAuthResponse();
      console.log(msft);
      const accessToken = msft.access_token;
      return accessToken;
    }
I get an access token, via which I can log in. However, I get no refresh token. From what I read, you get the refresh and the access token via the /token endpoint. As far as I can see, I only use the /authorize endpoint and it works?
This poses a problem. I can't refresh my token!
A response looks like this:
    access_token: "This is private, but it's a very long string"
    client_id: "e6c987d2-8bdc-4f1a-bafc-04ba3d51f340"
    display: "popup"
    expires: 1524649746.548
    expires_in: 3599
    network: "msft"
    redirect_uri: "http://localhost:4200/"
    scope: "basic,User.Read"
    session_state: "89a68bd2-5ae5-4df2-88d0-d28718fd10bc"
    state: ""
    token_type: "Bearer"
Any help would be appreciated!
Upvotes: 3
Views: 1639
Reputation: 33094
Since you're using the Implicit grant, you cannot use Refresh Tokens. They're only supported using the Authorization Code grant.
In order to use Refresh Tokens, you'll need to switch to the Authorization Code grant and implement the server-side code to process the authorization code into an access token. You'll also need to request the scope offline_access, which triggers the generation of a refresh_token.
Upvotes: 1
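The server-side flow the answer describes, as an added example that is not part of the original question or answer: the authorize request with `response_type=code` and `offline_access`, a `state` check on the redirect, and the `/token` request used both for the first exchange and for later refreshes. It assumes Node.js 18+ and a web app registration with a client secret; the function names and the config object are hypothetical.

```javascript
// Added example (not from the original post); server-side Node.js 18+, placeholder credentials.
const AUTHORITY = 'https://login.microsoftonline.com/common/oauth2/v2.0';

// Step 1: URL the browser is sent to. response_type=code selects the
// Authorization Code grant; offline_access asks for a refresh token.
function buildAuthorizeUrl({ clientId, redirectUri, scopes, state }) {
  const scope = [...new Set([...scopes, 'offline_access'])].join(' ');
  const query = new URLSearchParams({
    client_id: clientId, response_type: 'code', response_mode: 'query',
    redirect_uri: redirectUri, scope, state,
  });
  return `${AUTHORITY}/authorize?${query}`;
}

// Step 2: accept the code only if state matches the value kept in the session.
function readAuthCode(params, expectedState) {
  if (!expectedState || params.get('state') !== expectedState) {
    throw new Error('state mismatch: discard this response');
  }
  if (params.get('error')) throw new Error(params.get('error'));
  return params.get('code');
}

// Step 3 and every later refresh: form body for POST <AUTHORITY>/token.
// grant is { code } for the first exchange or { refreshToken } afterwards.
function buildTokenBody({ clientId, clientSecret, redirectUri }, grant) {
  const body = new URLSearchParams({ client_id: clientId, client_secret: clientSecret });
  if (grant.code) {
    body.set('grant_type', 'authorization_code');
    body.set('code', grant.code);
    body.set('redirect_uri', redirectUri);
  } else {
    body.set('grant_type', 'refresh_token');
    body.set('refresh_token', grant.refreshToken);
  }
  return body;
}

// Sends the request; the secret and refresh token never reach the browser.
async function requestTokens(config, grant, fetchImpl = fetch) {
  const res = await fetchImpl(`${AUTHORITY}/token`, {
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: buildTokenBody(config, grant).toString(),
  });
  const json = await res.json();
  if (!res.ok) throw new Error(`token endpoint error: ${json.error}`);
  return { accessToken: json.access_token, refreshToken: json.refresh_token, expiresIn: json.expires_in };
}
```

The browser only ever receives the access token (or a session cookie); the refresh token returned by `requestTokens` stays in server-side storage.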