Fetch authorization code or refresh token for our API server

Question

I'm having an Angular application that performs user authentication via Microsoft account. For this, I'm using the MSAL JS library which does work fine to authenticate the user. But we have the requirement where our backend server requires to call Microsoft Graph APIs. Now the issue is that the MSAL library returns access_token which has got a life span of 1 hour and so it can not be used once it is expired from our backend server.

So I'm looking for a way where I can get an authorization code, which can be exchanged from our back end server to get the access token and refresh token. And as we've got the refresh token as well, we can refresh the access token whenever it gets expired considering a refresh token is still valid.

I'm not sure if this is possible via the MSAL library or not, or if there is any other alternative available for SPA to support the case, I've described above.

Answer 1

It is possible with MSAL.js 2.0 which is a drop-in replacement for MSAL.js 1.x and supports the authorization code flow for Single page applications. With MSAL.js 2.0 you can use the authorization flow with PKCE and refresh tokens in the Microsoft identity platform to keep users signed in while third-party cookies are blocked.

Read more here:

https://learn.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-javascript-auth-code https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-implicit-grant-flow https://learn.microsoft.com/en-us/azure/active-directory/develop/reference-third-party-cookies-spas