
No refresh token when using Passport and passport-azure-ad

I'm attempting to use Passport to connect to Office365. I end up getting the auth prompt and the access token is returned. The issue is that the refresh token is undefined.

My Setup

// In app.js
const creds = {
    redirectUrl: 'http://localhost:3000/token',
    clientID: '<myClientId>',
    clientSecret: '<mySecret>',
    identityMetadata: 'https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration',
    allowHttpForRedirectUrl: true, // For development only
    accessType: 'offline',
    responseType: 'code',
    validateIssuer: false, // For development only
    responseMode: 'query',
    scope: [
        'Contacts.Read',
        ...
    ]
};

const callback = (iss, sub, profile, accessToken, refreshToken, done) => {
  console.log('Refresh Token: ', refreshToken); // this is undefined
  done(null, {
    profile,
    accessToken,
    refreshToken
  });
};

passport.use(new OIDCStrategy(creds, callback));

// When I authenticate
const passportSettings = {
  accessType: 'offline',
  approvalPrompt: 'consent'
};

// Authentication request.
router.get('/login', (req, res, next) => {
  passport.authenticate('azuread-openidconnect', passportSettings, (err, user, info) => {
        // Do stuff.
  })(req, res, next); // authenticate() returns middleware, which must be invoked
});

Things I've tried:

  • Un-authorizing the app for the user I signed up with.
  • Moving the location of the accessType setting.

I'm really at a loss as to why this doesn't work. With the Google strategy just setting the type of 'offline' seems to be enough.

Jack Slingerland asked Jun 16 '17 14:06


1 Answer

It looks like you need to add the offline_access scope to the app registration as well as the config. See https://github.com/AzureAD/passport-azure-ad/issues/322.

Jack Slingerland answered Oct 13 '22 05:10
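
The answer's fix, as an added example that is not part of the original post or of passport-azure-ad: a startup check that rejects OIDCStrategy options which cannot yield a refresh token, and that flags the settings the question marks "For development only" when they reach production. `checkOidcOptions`, `normaliseScopes` and the returned object shape are hypothetical names, and the sample options are constructed from the question's config.

```javascript
// Added example; checkOidcOptions is a hypothetical helper, not part of passport-azure-ad.

// Accept scope as an array or a space-delimited string.
function normaliseScopes(scope) {
  if (Array.isArray(scope)) return scope.map(String);
  if (typeof scope === 'string') return scope.split(/\s+/).filter(Boolean);
  return [];
}

function checkOidcOptions(options, env = 'production') {
  const errors = [];
  const warnings = [];

  // Per the answer: no offline_access in the request means no refresh token.
  if (!normaliseScopes(options.scope).includes('offline_access')) {
    errors.push('scope lacks offline_access: refreshToken will be undefined');
  }
  // Refresh tokens are issued in the authorization-code exchange.
  if (!String(options.responseType || '').split(/\s+/).includes('code')) {
    errors.push('responseType must include "code" to receive a refresh token');
  }
  // Settings the question marks "For development only".
  const devOnly = [];
  if (options.allowHttpForRedirectUrl === true) devOnly.push('allowHttpForRedirectUrl is true');
  if (options.validateIssuer === false) devOnly.push('validateIssuer is false');
  if (/^http:\/\//i.test(options.redirectUrl || '')) devOnly.push('redirectUrl uses http');
  (env === 'production' ? errors : warnings).push(...devOnly);

  return { ok: errors.length === 0, errors, warnings };
}

// Constructed sample: the question's settings, with one scope standing in for its list.
const asPosted = {
  redirectUrl: 'http://localhost:3000/token',
  allowHttpForRedirectUrl: true,
  validateIssuer: false,
  responseType: 'code',
  scope: ['Contacts.Read'],
};
const withOfflineAccess = { ...asPosted, scope: [...asPosted.scope, 'offline_access'] };

console.log(checkOidcOptions(asPosted, 'development'));          // fails: no offline_access
console.log(checkOidcOptions(withOfflineAccess, 'development')); // passes with warnings
console.log(checkOidcOptions(withOfflineAccess, 'production'));  // fails: dev-only settings
```

The check covers only the request side; the offline_access permission still has to be added to the app registration, as the answer says.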