How to get access token after the existing access token is expired in Azure application

0
votes

I am using an iframe inside my web application which is registered in Azure and IdP is MS Azure. Now using MSAL I can get the access_token and id_token by using acquireTokenSilent method. But when the access_token expires, how do I refresh it from the iframe scope(where MSAL is not available). Since this is a implicit grant I do not hold refresh token.

Is it possible to get the new access_token using any of the below

  1. client_id
  2. client_secret
  3. Old access token or id_token and raw_id_token

I have tried the 'token' and 'authorise' endpoints from login.microsoftonline.com, but those could not provide me the new access_token.

1
javascriptazuremsal
You can use iFrame to send silent requests with user cookies, where the session will validate the request and issue a new access token. As mentioned in the document, you can use the prompt=none option to accomplish this. docs.microsoft.com/en-us/azure/active-directory/develop/…Carl Zhao
Do you have to use Implicit flow or is it your choice?Carl Zhao
@CarlZhao Thanks! And I have to use implicit grant type only, there is no choice.Mithun Thangachen
If my answer is helpful for you, you can accept it as answer( click on the check mark beside the answer to toggle it from greyed out to filled in.). See meta.stackexchange.com/questions/5234/… This can be beneficial to other community members. Thank you.Carl Zhao

1 Answers

0
votes

You can use iFrame to send silent requests with user cookies, where the session will validate the request and issue a new access token. As mentioned in the document, you can use the prompt=none option to accomplish this.

By the way, for security considerations, it is recommended that you use auth code flow, which will return a refresh token to you when you request a token.