Microsoft Graph API not returning refresh token

I created an app on https://apps.dev.microsoft.com

with the following Application Permissions:

Calendars.Read (Admin Only)
Calendars.ReadWrite (Admin Only)
User.Read.All (Admin Only)

The following is the only flow that has worked for me to be able to subscribe to notifications of another user, on another tenant, as described here

Admin Consent

Admin consent was then successfully granted via this URL

https://login.microsoftonline.com/common/adminconsent?client_id=bbb35336-faee-4c10-84b4-34136634db41&state=1234&redirect_uri=https%3A%2F%2Fdashmeetings.com%2Fmicrosoft%2Foauth

Get access token

An access token was then obtained from

POST https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token

with headers

Content-Type=application/x-www-form-urlencoded

where {tenant} is the tenant value returned in the callback URL,

and body with key-value pairs

grant_type=client_credentials
client_id=bbb35336-faee-4c10-84b4-34136634db41
client_secret=xxx
scope=https://graph.microsoft.com/.default

This returns an access token, but not a refresh token.

I think this might be because offline_access isn't requested.

How can I get a refresh token?

asked by karel, Dec 01 '17 07:12



1 Answer

You're partially correct: you will only receive a refresh_token if you request the offline_access scope and you are using the authorization_code grant flow.

Refresh tokens are not available when using the implicit grant and are unnecessary when using the client_credentials grant. When using client_credentials there isn't a user authenticated and therefore there isn't a need to "refresh" a token since you can simply request a new token when needed.

answered by Marc LaFleur, Sep 20 '22 08:09
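The token request the question describes, together with the point made in the answer (with client_credentials there is no refresh token; you simply request a new access token when the old one is about to expire), as an added example. This is not code from the question, the answer or Microsoft. It assumes the v2.0 token endpoint and form parameters quoted in the question; the tenant, client id and secret are constructed placeholders, and the offline stand-in endpoint at the bottom only mirrors the shape of a real token response so the example runs without network access.

```python
"""App-only (client_credentials) token acquisition for Microsoft Graph with an
expiry-aware cache that stands in for the refresh_token step.

Added example, not code from the question, the answer or Microsoft.
"""
import itertools
import json
import time
from urllib.error import HTTPError
from urllib.parse import parse_qsl, urlencode
from urllib.request import Request, urlopen

# Endpoint and scope exactly as quoted in the question.
TOKEN_ENDPOINT = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
GRAPH_DEFAULT_SCOPE = "https://graph.microsoft.com/.default"


def build_token_request(tenant, client_id, client_secret):
    """Return (url, headers, body_bytes) for the client_credentials grant.

    offline_access is deliberately absent: it is a delegated-permission scope,
    and for this grant the v2.0 endpoint expects the single /.default scope.
    """
    url = TOKEN_ENDPOINT.format(tenant=tenant)
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": GRAPH_DEFAULT_SCOPE,
    }).encode()
    return url, headers, body


def http_post_json(url, headers, body):
    """Real transport: POST the form body and parse the JSON reply.
    Error replies (HTTP 4xx) also carry a JSON body, so return it too."""
    req = Request(url, data=body, headers=headers, method="POST")
    try:
        with urlopen(req, timeout=30) as resp:
            return json.loads(resp.read().decode())
    except HTTPError as err:
        return json.loads(err.read().decode())


class AppTokenCache:
    """Caches an app-only access token and requests a fresh one shortly before
    it expires. No user is involved in client_credentials, so there is nothing
    to 'refresh'; a new token is simply minted from the client secret again.
    `post` and `clock` are injectable so the cache can be exercised offline."""

    def __init__(self, tenant, client_id, client_secret,
                 post=http_post_json, clock=time.time, skew_seconds=300):
        self._tenant = tenant
        self._client_id = client_id
        self._client_secret = client_secret  # never log this value
        self._post = post
        self._clock = clock
        self._skew = skew_seconds
        self._token = None
        self._expires_at = 0.0
        self.requests_made = 0  # exposed so callers can see when a round trip happened

    def get_token(self):
        # Serve from cache while the token is still valid with a safety margin.
        if self._token and self._clock() < self._expires_at - self._skew:
            return self._token
        url, headers, body = build_token_request(
            self._tenant, self._client_id, self._client_secret)
        reply = self._post(url, headers, body)
        if "access_token" not in reply:
            raise RuntimeError("token endpoint error: %s"
                               % reply.get("error_description", reply.get("error")))
        self.requests_made += 1
        self._token = reply["access_token"]
        self._expires_at = self._clock() + int(reply.get("expires_in", 0))
        return self._token


# Constructed stand-in for the real endpoint so the example runs offline.
_token_counter = itertools.count(1)


def fake_token_endpoint(url, headers, body):
    """Mimics a v2.0 token response: returns a fresh access_token with an
    expires_in lifetime and, like the real endpoint for this grant, rejects a
    scope other than /.default. No refresh_token is ever returned."""
    fields = dict(parse_qsl(body.decode()))
    if fields.get("grant_type") != "client_credentials":
        return {"error": "unsupported_grant_type"}
    if fields.get("scope") != GRAPH_DEFAULT_SCOPE:
        return {"error": "invalid_scope",
                "error_description": "client_credentials requires the /.default scope"}
    return {"token_type": "Bearer", "expires_in": 3599,
            "access_token": "constructed.token.%d" % next(_token_counter)}


if __name__ == "__main__":
    cache = AppTokenCache("tenant-id-placeholder", "client-id-placeholder",
                          "client-secret-placeholder", post=fake_token_endpoint)
    print(cache.get_token())  # constructed token from the stand-in endpoint
```

Swap `post=fake_token_endpoint` for the default `http_post_json` and real tenant/client values to talk to the live endpoint; the cache logic is unchanged. The `skew_seconds` margin keeps a request from racing the token's expiry, which is the only place a refresh token would otherwise have mattered.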