Get invalid_grant error when attempting to refresh a token

Question

I am developing a node.js application which uses outlook rest API to fetch the mails. I am using this API.

I am trying to refresh the token using the following request. I am using request npm to call the API

{
    url: 'https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token',
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    formData:
    {
        scope: 'offline_access User.Read Mail.Read',
        client_id: 'c251b61b-c6db-4f64-89bd-7009444d1bc8',
        grant_type: 'refresh_token',
        redirect_uri: 'http://localhost:3000/myurl',
        refresh_token: 'refresh-token',
        client_secret: 'cli-secret'
     }
}

but getting the following error

{
  "error": "invalid_grant",
  "error_description": "AADSTS9002313: Invalid request. Request is malformed or  invalid.745ec0500",
  "correlation_id": "a2d87f11-0671-41f1-a5e7-654f1796c3d1"
}

I have also tried with adding Content-length in headers and appending all variables into a string using & and = and sending that in the body, but I got the same error. I am getting an access-token successfully.

Answer 1

So far I know you are trying to get refresh token in the wrong way.

As the error said, you are trying in incorrect grant_type.

As per your given document reference the grant_type should be authorization_code. Once you would get your Code then you need to use it for achieving access tokenand refresh token.

When your access token would expired then you have to use the refresh token to get a new access token as document explains.

In that case try with response_type=code format.

Request For Code:

Get Code In Postman Console:

Request For Access And Refresh Token With Code:

Get Access And Refresh Token By Code:

Get Refresh Token When Access Token Expired:

Note: This this the exact way how you would get authorization code and with this code how to get access token along with refresh token finally how to renew token with the refresh token when the access token expired!

Answer 2

When you generate the access token the first time that time you also get the refresh token. you have to store that token anywhere you can also store it in a database or a txt file.

 $post_params_refresh = array(
"grant_type" => "refresh_token",
"client_id" => 'ReplaceYourClientId',
"refresh_token" => 'ReplaceYourOldRefreshToken',
"client_secret" => 'ReplaceYourClientSecretKey',
'scope' => 'https://graph.microsoft.com/User.ReadWrite.All',
);
$refreshTokenUrl = "https://login.windows.net/common/oauth2/v2.0/token";
$curl_refresh = curl_init($refreshTokenUrl);
curl_setopt($curl_refresh, CURLOPT_POST, true);
curl_setopt($curl_refresh, CURLOPT_POSTFIELDS, $post_params_refresh);
curl_setopt($curl_refresh, CURLOPT_HTTPHEADER, array("application/x-www-form-urlencoded"));
curl_setopt($curl_refresh, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($curl_refresh, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl_refresh, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($curl_refresh, CURLOPT_RETURNTRANSFER, 1);
$response_refresh = curl_exec($curl_refresh);
$arrResponseRefresh = json_decode($response_refresh);
$accessToken = $arrResponseRefresh->access_token;
$refreshToken = $arrResponseRefresh->refresh_token;

You get a new refresh token using this curl method and update this refresh token to the old token which you stored previously.