Reputation: 11
We are developing an app that supports multiple signed-in Microsoft accounts using OAuth. We are using this package
https://pub.dev/packages/msal_mobile#-readme-tab-
which wraps the official microsoft library
https://github.com/AzureAD/microsoft-authentication-library-for-android
I know that the library does not expose a refresh token directly and instead refreshes it on the back end. However, because the Flutter library does not allow multiple signed-in accounts (and eventually because the user might sign out of the related Microsoft account on the web, thereby signing out one of their accounts from the app as well), we need to exchange an access token for a refresh token using a request like the following:
```http
POST /common/oauth2/v2.0/token HTTP/1.1
Host: https://login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded

client_id=...
&scope=...
&code=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq3n8b2JRLk4OxVXr...
&redirect_uri=msauth://...
&grant_type=authorization_code
```
However, trying to do so, I get an "invalid_grant" error with the description:

> "AADSTS9002313: Invalid request. Request is malformed or invalid..."

while the provided access token seems to be correct and is correctly returned by the msal/flutter library. How can we solve that? The app seems to be correctly set up in the Azure portal. If this is a limitation of the official MSAL library for Android, do you have any hint on how to add that feature? Thanks (Thomas)
Upvotes: 1
Views: 1595
Reputation: 2766
I don't know too much about Flutter, but if I remember correctly, for Azure OAuth, if you are trying to get a refresh token from the token endpoint, then you must request the offline_access scope with that authorization_code grant type. Maybe give that a try.
Upvotes: 0
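The two token-endpoint exchanges the thread is about, as an added example that is not part of the question, the answer, msal_mobile or MSAL for Android: the authorization_code exchange (which must request offline_access to get a refresh_token back), the refresh_token renewal, and a parser for the JSON the endpoint returns, including the AADSTS error shape quoted in the question. The client id, authorization code, redirect URI, PKCE verifier and both sample responses are constructed placeholders, and the code never contacts login.microsoftonline.com.

```python
# Added example (not from the question, the answer, msal_mobile or MSAL for Android).
# It builds the two token-endpoint requests the thread is about and parses the
# JSON the endpoint returns. Client id, code, redirect URI, PKCE verifier and the
# sample responses below are constructed placeholders; nothing here goes on the network.
import json
from urllib.parse import urlencode

TOKEN_ENDPOINT = "https://login.microsoftonline.com/common/oauth2/v2.0/token"
REQUIRED_SCOPE = "offline_access"  # without it the response carries no refresh_token


def build_code_exchange(client_id, code, redirect_uri, scopes, code_verifier=None):
    """Form body for grant_type=authorization_code.

    Raises ValueError when offline_access is not requested, which is the
    answer's point: the endpoint still issues an access token, but no
    refresh_token to renew it with later.
    """
    if REQUIRED_SCOPE not in scopes:
        raise ValueError("scope must include offline_access to receive a refresh_token")
    body = {
        "client_id": client_id,
        "scope": " ".join(scopes),
        "code": code,
        "redirect_uri": redirect_uri,
        "grant_type": "authorization_code",
    }
    if code_verifier is not None:
        # Mobile apps are public clients: no client_secret, a PKCE verifier instead
        # (assumed here; MSAL handles PKCE itself when it drives the flow).
        body["code_verifier"] = code_verifier
    return urlencode(body)


def build_refresh(client_id, refresh_token, scopes):
    """Form body for grant_type=refresh_token, used to renew the access token."""
    return urlencode({
        "client_id": client_id,
        "scope": " ".join(scopes),
        "refresh_token": refresh_token,
        "grant_type": "refresh_token",
    })


def parse_token_response(raw_json):
    """Parse a token-endpoint JSON body.

    Returns (tokens, None) on success, or (None, error_code) on failure, where
    error_code is the AADSTS code taken from error_description when present.
    """
    data = json.loads(raw_json)
    if "error" in data:
        desc = data.get("error_description", "")
        code = desc.split(":", 1)[0] if desc.startswith("AADSTS") else data["error"]
        return None, code
    wanted = ("access_token", "refresh_token", "expires_in", "scope")
    return {key: data.get(key) for key in wanted}, None


# Constructed sample responses shaped like the endpoint's JSON; token values are fake.
SAMPLE_OK = json.dumps({
    "token_type": "Bearer",
    "scope": "openid offline_access User.Read",
    "expires_in": 3599,
    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.FAKE.FAKE",
    "refresh_token": "0.AAAAfakeRefreshToken",
})
SAMPLE_ERR = json.dumps({
    "error": "invalid_grant",
    "error_description": "AADSTS9002313: Invalid request. Request is malformed or invalid."
                         "\r\nTrace ID: 00000000-0000-0000-0000-000000000000",
    "error_codes": [9002313],
})


if __name__ == "__main__":
    client_id = "00000000-0000-0000-0000-000000000000"  # placeholder app id
    scopes = ["openid", "offline_access", "User.Read"]
    print("POST", TOKEN_ENDPOINT)
    print(build_code_exchange(client_id, "fake-auth-code",
                              "msauth://com.example.app/callback", scopes, "pkce-verifier"))
    tokens, err = parse_token_response(SAMPLE_OK)
    print("refresh_token present:", tokens["refresh_token"] is not None)
    print(build_refresh(client_id, tokens["refresh_token"], scopes))
    _, err = parse_token_response(SAMPLE_ERR)
    print("error code:", err)
```

The refresh token returned by the first exchange is a long-lived credential for that account; if the app keeps it outside MSAL's own cache, store it in platform-protected storage rather than plain preferences, and expect the refresh grant itself to fail with invalid_grant once the user revokes the session elsewhere, which is the sign-out case the question describes.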