How to get Refresh Token in Azure AD B2C

Harjani, Ashish 201 Reputation points
2020-04-24T02:05:44.39+00:00

Below is the sample URL to which User signs up :

https://tenant.b2clogin.com/tenant.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1A_signup_signin&client_id=clientid &nonce=defaultNonce & redirect_uri=https%3A%2F%2Fjwt.ms & scope=offline_access openid https%3A%2F%2Ftenant.onmicrosoft.com%2Fapi%2Fwritescope https%3A%2F%2Ftenant.onmicrosoft.com%2Fapi%2Fuser_impersonation https%3A%2F%2Ftenant.onmicrosoft.com%2Fapi%2Freadscope client id & response_type=code+id_token token & prompt=login

I receive id_token, access_token and code as part of when user signs in using above user flow url. Can I get a refresh token as well ?
Alternate option is to get it via calling REST API by exchanging the auth code received above but I am trying to see if we can get it when user signs in.

Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,701 questions
0 comments No comments
{count} vote

Accepted answer
  1. soumi-MSFT 11,756 Reputation points Microsoft Employee
    2020-04-24T06:21:16.593+00:00

    @Harjani, Ashish , To get an access token, you would need the scope as "offline_access" in your request, which I do see is present, but this call is going to the /authorize endpoint of B2C. Since you are using the Authorization-Code Grant flow of OAuth, hence in order to get the refresh-token, you would have to send a request to the /token endpoint of B2C, with the scope as "offline_access"

    Sample Request:
    POST https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/token HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    grant_type=authorization_code&client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6&scope=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6 offline_access&code=AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCmLdgfSTLEMPGYuNHSUYBrq...&redirect_uri=urn:ietf:wg:oauth:2.0:oob

    You can find more details and reference on this here: https://learn.microsoft.com/en-us/azure/active-directory-b2c/authorization-code-flow

    Hope this helps.

    Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer; if the above response helped in answering your query.

    3 people found this answer helpful.

0 additional answers

Sort by: Most helpful