HarjaniAshish-7896 asked azure-cxp-api edited

How to get Refresh Token in Azure AD B2C

Below is the sample URL through which the user signs up:

https://tenant.b2clogin.com/tenant.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1A_signup_signin&client_id=clientid &nonce=defaultNonce & redirect_uri=https%3A%2F%2Fjwt.ms & scope=offline_access openid https%3A%2F%2Ftenant.onmicrosoft.com%2Fapi%2Fwritescope https%3A%2F%2Ftenant.onmicrosoft.com%2Fapi%2Fuser_impersonation https%3A%2F%2Ftenant.onmicrosoft.com%2Fapi%2Freadscope client id & response_type=code+id_token token & prompt=login

I receive the id_token, access_token and code when the user signs in using the above user flow URL. Can I get a refresh token as well?
An alternate option is to get it by calling the REST API and exchanging the auth code received above, but I am trying to see if we can get it when the user signs in.

azure-ad-b2c

1 Answer

soumi-MSFT answered CarolLai-5934 edited

@HarjaniAshish-7896, to get an access token, you would need the scope "offline_access" in your request, which I do see is present, but this call is going to the /authorize endpoint of B2C. Since you are using the Authorization Code Grant flow of OAuth, in order to get the refresh token you would have to send a request to the /token endpoint of B2C, with the scope "offline_access".

Sample Request:
POST https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6&scope=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6 offline_access&code=AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCmLdgfSTLEMPGYuNHSUYBrq...&redirect_uri=urn:ietf:wg:oauth:2.0:oob

You can find more details and reference on this here: https://docs.microsoft.com/en-us/azure/active-directory-b2c/authorization-code-flow

Hope this helps.

Do let us know if this helps, and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer if the above response helped in answering your query.
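The code exchange described in the answer above, as an added Python example (not part of the original thread and not Microsoft's sample code): it takes the code from the /authorize redirect, builds the /token request in the shape of the sample request, and checks the response for refresh_token. The function names and sample values are constructed for illustration, and a public client with no client_secret is assumed, as in the sample request.

```python
import json
import urllib.request
from urllib.parse import parse_qs, urlencode, urlsplit

def code_from_redirect(redirect_url):
    """Pull the authorization code out of the /authorize redirect (fragment or query)."""
    parts = urlsplit(redirect_url)
    params = parse_qs(parts.fragment or parts.query)
    if "error" in params:
        raise ValueError(f"authorize failed: {params['error'][0]}")
    return params["code"][0]

def build_token_request(tenant, policy, client_id, code, redirect_uri, scopes):
    """Build the POST for the B2C /token endpoint; always asks for offline_access."""
    scopes = list(scopes)
    if "offline_access" not in scopes:
        scopes.append("offline_access")
    url = (f"https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/"
           f"{policy}/oauth2/v2.0/token")
    body = urlencode({
        "grant_type": "authorization_code",
        "client_id": client_id,
        "scope": " ".join(scopes),
        "code": code,
        "redirect_uri": redirect_uri,  # must match the value sent to /authorize
    })
    return url, body

def refresh_token_from(response_text):
    """Return refresh_token from the /token JSON response, or raise if it is absent."""
    data = json.loads(response_text)
    if "error" in data:
        raise ValueError(f"token request failed: {data['error']}")
    token = data.get("refresh_token")
    if not token:
        raise ValueError("no refresh_token returned; was offline_access requested?")
    return token

def redeem(url, body):
    """Send the request (needs network and a real tenant; not run by this example)."""
    req = urllib.request.Request(
        url, data=body.encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req) as resp:
        return refresh_token_from(resp.read().decode())
```

Run the exchange on the application's back end where possible, so the refresh token is never exposed in the browser redirect.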








