AD FS set up on Windows Server 2022 Standard, version 10.0.20348 Build 20348, fails to go through the authentication API with the "refresh_token" grant_type

Jade Lim 0 Reputation points
2024-08-06T11:11:18.7433333+00:00

Set up a .NET application based on the following details:
a) AD FS on Windows Server 2022 Standard, version 10.0.20348 Build 20348.
b) Application running on the .NET hosting bundle 6.0.21, Windows version.

Errors:
With the PKCE authentication flow, the SSO login process behaves as follows:

1. First, the authorization_code grant type request was successful.

Request URL: https://<<domain>>/adfs/oauth2/token/
Request Method: POST
Status Code: 200 OK
Remote Address: <<ip>>:443
Referrer Policy: strict-origin-when-cross-origin

Form Data:
client_id: <<client_id>>
redirect_uri: https://<<appdomain>>/index.html
scope: User.Read openid profile offline_access
code: <<code>>
x-client-SKU: msal.js.browser
x-client-VER: 2.37.0
x-ms-lib-capability: retry-after, h429
x-client-current-telemetry: 5|865,0,,,|@azure/msal-react,1.5.7
x-client-last-telemetry: 5|0|||0,0
code_verifier: <<code_verifier>>
grant_type: authorization_code
client_info: 1
client-request-id: <<client-request-id>>

Response:
{
  "access_token": "<<access token>>",
  "token_type": "bearer",
  "expires_in": 3600,
  "resource": "<<resource>>",
  "refresh_token": "<<refresh token>>",
  "refresh_token_expires_in": 28800,
  "scope": "profile openid",
  "id_token": "<<id token>>"
}
2. Second, the refresh_token grant type request returned 400 Bad Request.

Request URL: https://<<domain>>/adfs/oauth2/token/
Request Method: POST
Status Code: 400 Bad Request
Remote Address: <<ip>>:443
Referrer Policy: strict-origin-when-cross-origin

Form Data:
client_id: <<client_id>>
scope: User.Read openid profile offline_access
grant_type: refresh_token
client_info: 1
x-client-SKU: msal.js.browser
x-client-VER: 2.37.0
x-ms-lib-capability: retry-after, h429
x-client-current-telemetry: 5|865,0,,,|@azure/msal-react,1.5.7
x-client-last-telemetry: 5|0|||0,0
client-request-id: <<client-request-id>>
refresh_token: <<refresh token>>
X-AnchorMailbox: Oid:<<value>>

Response:
{
  "error": "invalid_grant",
  "error_description": "MSIS9614: The refresh token received in \u0027refresh_token\u0027 parameter is invalid."
}
Why was the refresh_token authentication API call a 400 Bad Request? Is any configuration needed to fix the error? I have this error in the client application installation, but my local duplicated application installation was working fine. Please advise. Thanks in advance. Jade.
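The following is an added diagnostic example, not code from the question or from AD FS/MSAL: it takes the two captured exchanges above (reproduced as constructed placeholder dictionaries) and runs the checks a practitioner would make before changing server configuration: same client_id on both requests, the refresh_token value matches the one issued, the refresh request does not ask for scopes beyond what the first response granted (RFC 6749 section 6), and the request was made within refresh_token_expires_in. The timestamps are assumed, since the captures carry none; on the captured values the scope check flags User.Read and offline_access as requested but absent from the granted "profile openid", which is a point to verify rather than an established cause.

```python
# Constructed sample data modelled on the question's captures; every value is a placeholder.
CODE_GRANT_FORM = {"client_id": "<<client_id>>", "grant_type": "authorization_code",
                   "scope": "User.Read openid profile offline_access"}
CODE_GRANT_RESPONSE = {"scope": "profile openid", "expires_in": 3600,
                       "refresh_token": "<<refresh token>>", "refresh_token_expires_in": 28800}
REFRESH_FORM = {"client_id": "<<client_id>>", "grant_type": "refresh_token",
                "scope": "User.Read openid profile offline_access",
                "refresh_token": "<<refresh token>>"}
REFRESH_RESPONSE = {"error": "invalid_grant",
                    "error_description": "MSIS9614: The refresh token received in "
                                         "'refresh_token' parameter is invalid."}


def check_refresh_request(code_form, code_resp, refresh_form, issued_at, now):
    """Return the client-side findings to review before blaming AD FS configuration.

    issued_at/now are assumed epoch seconds (the captures carry no timestamps)."""
    findings = []
    if refresh_form.get("grant_type") != "refresh_token":
        findings.append("grant_type is not refresh_token")
    if refresh_form.get("client_id") != code_form.get("client_id"):
        findings.append("client_id differs from the client the refresh token was issued to")
    if refresh_form.get("refresh_token") != code_resp.get("refresh_token"):
        findings.append("refresh_token does not match the value returned by the code grant")
    # RFC 6749 s.6: a refresh request may narrow scope but must not exceed the original grant.
    granted = set(code_resp.get("scope", "").split())
    requested = set(refresh_form.get("scope", "").split())
    extra = sorted(requested - granted)
    if extra:
        findings.append(f"refresh request asks for scopes outside the granted scope: {extra}")
    # AD FS reports the refresh token lifetime in seconds; expired tokens yield invalid_grant.
    if now - issued_at >= code_resp.get("refresh_token_expires_in", 0):
        findings.append("refresh_token_expires_in has elapsed since issuance")
    return findings


def classify_token_error(resp):
    """Split an AD FS token error body into the RFC 6749 s.5.2 code and the MSIS event id."""
    desc = resp.get("error_description", "")
    msis = desc.split(":", 1)[0] if desc.startswith("MSIS") else None
    return {"error": resp.get("error"), "msis_code": msis,
            "refresh_token_rejected": resp.get("error") == "invalid_grant" and msis == "MSIS9614"}


if __name__ == "__main__":
    for line in check_refresh_request(CODE_GRANT_FORM, CODE_GRANT_RESPONSE, REFRESH_FORM, 0, 60):
        print("finding:", line)
    print(classify_token_error(REFRESH_RESPONSE))
```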

Tags: ASP.NET Core, Access, Active Directory Federation Services, .NET Runtime