Reputation: 51
Why RefreshToken received form azure active directory is not in JWT format
I need to understand why refresh token issued by AAD is not in JWT format( i used Auth Code grant type for generation of refresh token). It looks something like as follows 0.ATYAoWHs1YRqUk-OAYpDkwKjaYAEJhrbDpBNmWw7q0NZVas2APk....(rest of the token).
Also if we can get this refresh token in JWT format then how can we do that.
Thanks Abhishek
Upvotes: 2
Views: 357
Answers (1)
Reputation: 58723
It isn't in JWT format because it does not need to be. A refresh token is data that you send to the identity provider to get new access tokens. It should not have any other meaning for your application. Store it securely and send it to AAD when you need new tokens. Then take the new refresh token you get in the response and overwrite your previous refresh token with that.
The OAuth 2 RFC also talks about it https://www.rfc-editor.org/rfc/rfc6749#page-10:
A refresh token is a string representing the authorization granted to the client by the resource owner. The string is usually opaque to the client. The token denotes an identifier used to retrieve the authorization information. Unlike access tokens, refresh tokens are intended for use only with authorization servers and are never sent to resource servers.
Upvotes: 2
Related Questions
- Azure AD OAuth2.0: I dont get a refresh token
- Issue with jwt-bearer on-behalf-of grant in Azure AD
- AcquireTokenForClient does not return a refresh token?
- How to verify signature of refreshed id_token in Azure active directory
- How jwt token get reissued in azure ad OuthImplicitFlow
- Refresh Token is missing in the JWT Response
- Azure AD Adal4j Token recieved after refresh token is not signed JWT
- UseJwtBearerAuthentication failed: Unauthorized token and The signature is invalid
- Issue with jwt-bearer authorization grant in Azure AD
- IdToken not signed with AzureAD