This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 99%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EW%3C/text%3E%3C/svg%3E)
I am developing Android application that requires sign in with Microsoft. I need to get authorization code to send it to our server. On the server I exchange the authorization code to refresh token and access token. I need access token to communicate with users' accounts. And refresh token to get new access token when old expires. I found libraries com.microsoft.identity.client to get access token. com.microsoft.identity.client gets authorization code and refresh token inside itself. But there is no way to get these values from outside. Only access token available in result of com.microsoft.identity.client. So, when this access token expires, server can do nothing. My question is how to get refresh token (not access token) in mobile application? Or how to get authorization code in mobile application (then I can exchange it to refresh token on server)?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Hi @Wellnessliving ,
Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept Answer" which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
Hi @Wellnessliving ,
Thanks for reaching out.
I understand you are trying to get the refresh token for android application. Unfortunately, currently it is not possible to get the refresh token for android application due to security concerns.
Exposing the refresh token from MSAL would too easily enable developers to implement scenarios to transmit access tokens or refresh tokens off the device for use elsewhere (that is, except by the intended resource server) -- the refresh token is intended to remain on the device to which it was transmitted. It is also to protect credentials from being compromised by man-in-middle or other kinds of interception attacks.
Hope this will help.
Please remember to "Accept Answer" if answer helped you.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 76%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHK%3C/text%3E%3C/svg%3E)
This is quite ridiculous to say, that all developers will abuse this feature. We need to execute background operations and cannot present a login screen every 24 hours. If you have security concerns, that's fine, please enable it for your apps. But allow us to use it in the way we want to in our apps.