Microsoft Graph API - not receiving refresh token

0
votes

I'm using the below guide to setup Oauth2 for my app.

https://docs.microsoft.com/en-us/graph/auth-v2-user

this is the /authorize URL get request, which is working fine:

GET https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=${clientId}&response_type=code&redirect_uri=${redirectUri}&response_mode=query&scope=offline_access%20user.read%20files.readwrite

then, i get the code from the redirectUri and POST to this URL:

POST https://login.microsoftonline.com/common/oauth2/v2.0/token

Which returns a access_token and a refresh_token.

However, whenever i need to refresh the tokens, Graph API only returns a new access_token. I'm using axios and qs:

//get new tokens

const scope = "Files.ReadWrite";

const data = qs.stringify({
    client_id: clientId,
    client_secret: clientSecret,
    grant_type: "refresh_token",
    redirect_uri: redirectUri,
    scope: scope,
    refresh_token: oneDriveRefreshToken
  });

  const headers = {
    "Content-Type": "application/x-www-form-urlencoded",
  };

  const response = await axios.post(tokenEndpoint, data, headers);  

  const json = response.data;

  functions.logger.debug(json.access_token); //ok
  functions.logger.debug(json.refresh_token); //undefined

As far as i understand, the authorization code flow along with "offline_access" scope should enable you to get a new refresh token when calling the /token endpoint

1
azure-active-directorymicrosoft-graph-api
Try to change the scope to: const scope = "Files.ReadWrite offline_access";Carl Zhao

1 Answers

0
votes

I noticed that the scope you defined in the code does not include offline_access, so it just returns you an access token with Files.ReadWrite permission. If you want to obtain an refresh token, please add offline_access to the scope.

Try to change the scope to: const scope = "Files.ReadWrite offline_access";.