How to retrieve b2c access token using refresh_token

Anonymous
2022-10-12T21:21:28.663+00:00

Is it possible to make equivalent call to acquire tokens using msal library:
https://tenantname.b2clogin.com/tenantname.onmicrosoft.com/b2c_1a_signin/oauth2/v2.0/token
Headers:
grant_type: refresh_token
refresh_token: ey............
scope: .....
client_id: b2c_client_id

Basically what I am trying to do, App1 passes my App2 refresh_token, and I want to call acquiretoken using msal so that it generates client-side storage of token (cookies).
App1 is a native mobile app,
App2 is a spa web application

Please suggest if this is the best way to do it or is there any other way to avoid interactive-login when user moves from App1 to App2.

Thank you

Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,684 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,916 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Shweta Mathur 28,196 Reputation points Microsoft Employee
    2022-10-14T06:57:17.21+00:00

    Hi @Anonymous ,

    Thanks for reaching out.

    If both of your applications are in one B2C tenant, then the best way to move between two applications without login is to configure Single Sign On.

    You can control SSO behavior by using the below settings in Azure AD B2C:

    If you are using User Flow, go to properties of the user flow and set below settings to either Tenant or Policy. If you set it to policy, SSO experience between both the applications will be provided when both applications are authenticated via same user flow.

    250335-image.png

    If you are using a custom policy, you can set the above setting by configuring the SingleSignOn Scope to either Tenant or Policy in the RP file (signup/sign-in file).

    <RelyingParty>  
      <DefaultUserJourney ReferenceId="SignUpOrSignIn" />  
      <UserJourneyBehaviors>  
        <SingleSignOn Scope="Tenant" KeepAliveInDays="30" />  
        <SessionExpiryType>Absolute</SessionExpiryType>  
        <SessionExpiryInSeconds>1200</SessionExpiryInSeconds>  
      </UserJourneyBehaviors>  
    

    Reference: https://learn.microsoft.com/en-us/azure/active-directory-b2c/session-behavior?pivots=b2c-custom-policy

    Hope this will help.

    Thanks,
    Shweta

    -----------------------------------------

    Please remember to "Accept Answer" if answer helped you.