Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Is it possible to use MSAL.js to get refresh token?

Tags:

authentication

msal

msal.js

I want to integrate with Miscrosoft Outlook. I am able to login with MSAL.js and get an access token, but I am not able to get a refresh token. Is there a way to do it?

like image 971
Igor G. Avatar asked May 22 '17 11:05

Igor G.

People also ask

How do I get the refresh token?

To get a refresh token, you send a request to your Okta Authorization Server. The only flows that support refresh tokens are the authorization code flow and the resource owner password flow.

How does Javascript handle refresh token?

There is a way to update refresh token without login-password pair: When a refresh token expires a client have to get a new token pair (access, refresh tokens). The client sends its access AND refresh tokens and receives a new pair (just like when authenticating with username:password).

How do you get token from Msal react?

Acquiring an access tokenreact-aad-msal exposes a getAccessToken method you can use to obtain an access token before calling an API. import { MsalAuthProvider } from "react-aad-msal"; const authProvider = new MsalAuthProvider(config, authenticationParameters, options); const accessToken = authProvider.

2 Answers

I'll assume that since you're using the MSAL.js (https://github.com/AzureAD/microsoft-authentication-library-for-js) that you're using implicit flow for authentication and authorization.

Implicit flow doesn't support refresh tokens, but you can request a new token silently. This is done similarly to how you request the token (id or access) in the first place. Unfortunately, I haven't found that MSAL.js does this transparently and I've needed to detect expired tokens and request the new tokens in my code. You can read more about refreshing tokens here.

Alternatively, if what you're implementing allows you to use one of the other MSAL libraries (for example, the .Net one) then you can use one of the other OAuth flows that explicitly support refresh tokens.

like image 158
nbrowne Avatar answered Oct 06 '22 09:10

nbrowne

I use msal v1.4.0

I remove 2 keys in storage (see picture) then call acquireTokenSilent again to get new access token. enter image description here Code to remove those 2 keys:

const keys = Object.keys(sessionStorage).filter(x => x.indexOf('authority') > 0)
keys.forEach(x => sessionStorage.removeItem(x))
like image 35
qnguyen Avatar answered Oct 06 '22 09:10

qnguyen
Sign in to Comment

Related questions

Authentication using OAuth in Web API
Spring Security 4.0.0 + ActiveDirectoryLdapAuthenticationProvider + BadCredentialsException PartialResultException
Passport - "Unauthenticated." - Laravel 5.3
How do I authenticate with my own site's API when using Facebook Connect for logins/account creation?
How to use ServiceStack authentication correctly in ASP.Net MVC controller
Does something like CanCan (authorization library) exist for flask and python
Trying to send email via Service Account getting com.google.api.client.auth.oauth2.TokenResponseException: 401 Unauthorized
JSF authentication and authorization
How should I store a token generated by a RESTful API?
How to use authentication cookie from WCF Authentication Service in an ASP.Net MVC application
How do people handle authentication for RESTful api's (technology agnostic)
sign in with oAuth, what should i store/use to identify the user?
JWT token for multiple websites
Restart Kubernetes API server with different options
Could not find FirebaseUI widget error
How to invoke Cloud Function from Cloud Scheduler with Authentication
Detect if a web user is currently logged in Google?
How can I use certificate authentication with HttpsURLConnection?
How to stay logged in even when user force quits the app with Ionic / Cordova?
JWT token refresh (sliding sessions) and signout

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!