AD FS set up on Windows Server 2022 Standard and version 10.0.20348 Build 20348 failed to go through Authentication API "Refresh_Token" grant_type

Jade Lim 0 Reputation points
2024-08-06T11:11:18.7433333+00:00

Set up a .net application which based on the following details:
a) AD FS on Windows Server 2022 Standard and version 10.0.20348 Build 20348.
b) Application run on Dotnet hosting bundle 6.0.21 Windows version.

Errors:
With PKCE Authentication flow, the behaviours of SSO login processes as:

  1. First, authorization_code Grant_Type API was successful.
    Request URL: https://<<domain>>/adfs/oauth2/token/

Request Method: POST

Status Code: 200 OK

Remote Address: <<ip>>:443

Referrer Policy: strict-origin-when-cross-origin

Form Data:
client_id: <<client_id>>

redirect_uri: https://<<appdomain>>/index.html

scope: User.Read openid profile offline_access

code: <<code>>

x-client-SKU: msal.js.browser

x-client-VER: 2.37.0

x-ms-lib-capability: retry-after, h429

x-client-current-telemetry: 5|865,0,,,|@azure/msal-react,1.5.7

x-client-last-telemetry: 5|0|||0,0

code_verifier: <<code_verifier>>

grant_type: authorization_code

client_info: 1

client-request-id: <<client-request-id>>
Response:
{

"access_token": "<<access token>>",

"token_type": "bearer",

"expires_in": 3600,

"resource": "<<resource>>",

"refresh_token": "<<refresh token>>",

"refresh_token_expires_in": 28800,

"scope": "profile openid",

"id_token": "<<id token>>"

}
2) Second, Refresh_Token Grant type return 400 Bad Request
Request URL: https://<<domain>>/adfs/oauth2/token/

Request Method: POST

Status Code: 400 Bad Request

Remote Address: <<ip>>:443

Referrer Policy: strict-origin-when-cross-origin

Form Data:

client_id: <<client_id>>

scope: User.Read openid profile offline_access

grant_type: refresh_token

client_info: 1

x-client-SKU: msal.js.browser

x-client-VER: 2.37.0

x-ms-lib-capability: retry-after, h429

x-client-current-telemetry: 5|865,0,,,|@azure/msal-react,1.5.7

x-client-last-telemetry: 5|0|||0,0

client-request-id: <<client-request-id>>

refresh_token: <<refresh token>>

X-AnchorMailbox: Oid:<<value>>
Response:

{

"error": "invalid_grant",

"error_description": "MSIS9614: The refresh token received in \u0027refresh_token\u0027 parameter is invalid."

}
Why the refresh_token Authentication API call was 400 Bad request? Any configuration is needed to fix the error? I have this error in the Client Application installation but my local duplicated application installation was working fine. Please advise. Thanks in advance. Jade.

ASP.NET Core
ASP.NET Core
A set of technologies in the .NET Framework for building web applications and XML web services.
4,616 questions
Access
Access
A family of Microsoft relational database management systems designed for ease of use.
400 questions
Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,264 questions
.NET Runtime
.NET Runtime
.NET: Microsoft Technologies based on the .NET software framework.Runtime: An environment required to run apps that aren't compiled to machine language.
1,167 questions
0 comments No comments
{count} votes

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.