Cowborg

Reputation: 2871

Azure AD OAuth2.0: I don't get a refresh token

When a client application (such as a webpage using our API) is connecting to an Azure AD OAuth2.0-protected web API

To get the access token, the client applications make a POST to this https://login.microsoftonline.com/{tenant}/oauth2/token

But the client application does not get a refresh token. Is that not needed in the "client application" scenario?

This is what they get

"token_type": "Bearer",
"expires_in": "3600",
"ext_expires_in": "0",
"expires_on": "1531906803",
"not_before": "1531902903",
"resource": "https://our-api.azurewebsites.net",
"access_token": "YtNGEzZi1hZGYyLTExNjU4N......rdFqQ"

The token works fine and it SEEMS that it never expires.

Upvotes: 5

Views: 3235

Answers (2)

Ihnat Mikhalkovich

Reputation: 11

You need to add a special scope offline_access when you request the authorization_code to receive a refresh_token as the result. Check it out, maybe it is your case :)

Upvotes: 0

juunas

Reputation: 58873

If you got the token with client credentials (client id + client secret or certificate), then you don't get a refresh token. In this scenario, you can always get a new access token with the application's credentials alone, so you do not need refresh tokens.

In the case of flows which have user context, you get a refresh token since you cannot repeat the user login at will, and must use the refresh token to get a fresh token.

Upvotes: 6
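
The client credentials case described in the answer above, as an added example that is not part of the original answer or of any Microsoft library: the application keeps the access token until shortly before `expires_on` and then requests a new one with its own credentials, so no refresh token is involved. The names `http_fetch` and `AppTokenCache` and the 300-second margin are assumptions made for illustration.

```python
import json
import time
import urllib.parse
import urllib.request

# Token endpoint quoted in the question (Azure AD v1).
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/token"

def http_fetch(tenant, client_id, client_secret, resource):
    """POST a client_credentials request; the reply has no refresh_token."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "resource": resource,
    }).encode()
    req = urllib.request.Request(TOKEN_URL.format(tenant=tenant), data=body)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class AppTokenCache:
    """Hypothetical helper: reuse an app-only token until shortly before expires_on."""

    def __init__(self, fetch, skew=300, clock=time.time):
        self._fetch = fetch    # zero-argument callable returning the token response
        self._skew = skew      # assumed safety margin in seconds
        self._clock = clock
        self._token = None
        self._expires_on = 0

    def get(self):
        if self._token is None or self._clock() >= self._expires_on - self._skew:
            resp = self._fetch()   # credentials alone are enough
            self._token = resp["access_token"]
            self._expires_on = int(resp["expires_on"])  # sent as a string
        return self._token

if __name__ == "__main__":
    # Constructed response shaped like the one in the question; no network call.
    sample = {"token_type": "Bearer", "expires_in": "3600",
              "expires_on": str(int(time.time()) + 3600),
              "access_token": "constructed-sample-token"}
    cache = AppTokenCache(lambda: sample)
    print(cache.get() == cache.get())  # second call is served from the cache
```

Against the real endpoint the cache would be built as `AppTokenCache(lambda: http_fetch(tenant, client_id, client_secret, resource))`, with the secret read from a secret store rather than from source code.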
