Scope "offline_access" isn't being returned in the token response.

Vinay Ramkrishnan 1 Reputation point
2022-04-08T19:50:43.473+00:00

Hi,

I am testing an OAuth integration using the OAuth v2.0 endpoints.

In my initial request to oauth2/v2.0/authorize I am sending a request containing the following scopes:
User.Read, offline_access, Files.Read.All

And then for the second token endpoint oauth2/v2.0/token, I pass the code from the authorize step, along with grant_type as authorization_code and the redirect_uri.
The response returned contains the access_token and the refresh_token as expected, but the returned list of scopes doesn't contain offline_access. Is it a bug, or is that expected and just some misunderstanding on my part?

My returned list of scopes is as follows:

"scope":"Files.Read.All openid User.Read profile email"

~Vinay


1 answer

  1. AmanpreetSingh-MSFT 56,616 Reputation points
    2022-04-11T04:17:22.33+00:00

    Hi @Vinay Ramkrishnan, thank you for reaching out.

    This is expected. The offline_access scope is used to request a refresh token and is never returned as a scope, because it cannot be part of the access token and cannot be used for scope-based authorization.

    As highlighted in the attached screenshot, even when the offline_access scope is specified in the request, it is not returned as a scope:

    (screenshot: 191702-image.png)

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
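As an added illustration of the answer above (example code, not from the post or from Microsoft), the following Python check validates a v2.0 token response the way the answer implies: offline_access is treated as a request for a refresh token, so the check looks for the refresh_token field instead of expecting offline_access in the scope string, and compares only the requested resource scopes against what was granted. The sample responses are constructed from the shape shown in the question; the set of OIDC scopes that appear in the response without being requested is taken from the question's own output.

```python
import json

# offline_access is consumed at the token endpoint and never echoed in "scope"
# (per the answer above). The OIDC scopes appear in the question's response
# even though they were not requested, so they are excluded from the comparison.
NON_ECHOED_SCOPES = {"offline_access"}
OIDC_SCOPES = {"openid", "profile", "email"}

# Constructed sample responses (placeholders instead of real tokens).
SAMPLE_TOKEN_RESPONSE = json.dumps({
    "token_type": "Bearer",
    "scope": "Files.Read.All openid User.Read profile email",
    "expires_in": 3599,
    "access_token": "<access token placeholder>",
    "refresh_token": "<refresh token placeholder>",
})
SAMPLE_NO_REFRESH = json.dumps({
    "token_type": "Bearer",
    "scope": "Files.Read.All openid User.Read profile email",
    "expires_in": 3599,
    "access_token": "<access token placeholder>",
})


def check_token_response(requested_scopes, response_json):
    """Validate a v2.0 token response against the scopes that were requested.

    Returns a dict with the granted scope set, the requested resource scopes
    that were not granted, whether the refresh-token expectation was met, and
    whether a refresh token arrived without offline_access being requested.
    """
    resp = json.loads(response_json)
    granted = set(resp.get("scope", "").split())
    requested = set(requested_scopes)

    # Compare resource scopes only: offline_access is not an access-token scope.
    resource_scopes = requested - NON_ECHOED_SCOPES - OIDC_SCOPES
    missing = resource_scopes - granted

    wants_refresh = "offline_access" in requested
    has_refresh = bool(resp.get("refresh_token"))

    return {
        "granted": granted,
        "missing": missing,
        "refresh_ok": has_refresh if wants_refresh else True,
        "unexpected_refresh": has_refresh and not wants_refresh,
    }
```

A client that gates a "remember me" feature on offline_access appearing in the scope list would wrongly conclude consent was refused; gating it on refresh_ok gives the right answer.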
