Hi anonymous user • Thank you for reaching out.
The offline_access
is a scope required to receive refresh token and the authentication request with this scope must be sent to https://login.microsoftonline.com/your_tenant.onmicrosoft.com/oauth2/v2.0/token
endpoint URL. When you redeem an authorization code in the OAuth 2.0 authorization code flow or use ROPC flow (as shown below) without offline_access
scope, you'll receive only an access token from the /token
endpoint. When this scope is included, both Access & Refresh tokens are returned.
Read more: offline_access
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.