I followed this example, but the refresh_token was not returned.
```json
{
  "token_type": "Bearer",
  "scope": "Mail.ReadWrite Mail.Send.All User.Read profile openid email",
  "expires_in": 3599,
  "ext_expires_in": 3599,
  "access_token": "eyJ0eXAiOiJKV1QiLCJub25jZSI6IjNZdWhWdkJYWVdLTnhVXy1TSkI5MWVv........"
}
```
@sub318, thank you for sharing the details. We are looking into this and will get back to you soon on this thread.
@sub318, it would be great if you could share the OAuth request that was sent to the /token endpoint of AAD. I would like to take a look at the request that was sent in order to understand this better.
Thank you for reply. I can share the OAuth request.
Request URL (POST): https://login.microsoftonline.com/tenant-id/oauth2/v2.0/token
And I sent these parameters:
client_id, client_secret, grant_type, scope, username, password
grant_type : 'password'
scope : 'User.Read'
username : my id
password : my password
@sub318, Thank you for sharing the details.
I just tried the same out using POSTMAN and sharing the screenshot below:
Can you please try this using the parameters that are present in the screenshot and share your findings?
Yes, that's the result. And I use the v2.0 endpoint.
@sub318, Can you add "offline_access" in scope as present in the below screenshot and let us know if that gets you the refresh token.
Offline_Access value in the Scope parameter is required to get a refresh token issued by AAD.
It returns an error message:
```text
AADSTS65001: The user or administrator has not consented to use the application with ID '....' named '......'. Send an interactive authorization request for this user and resource.
Trace ID: be4579e5-e515-4e29-9fa9-d513a0d05000
Correlation ID: 4647026d-3d62-4ebd-b1c8-edf9e4985eb2
Timestamp: 2019-11-04 06:22:48Z
```
The administrator has not allowed the application to use that authority yet.
Is it because of this?
@sub318, The User.Read.All delegated permission needs Admin Consent. Hence it is necessary to provide consent by a Global Admin of the tenant on this delegated permission for it to work successfully.
I would suggest that you provide Admin Consent for User.Read.All. Refer to the screenshot below and click the button (after logging on to the Azure Portal as a Global Administrator).
Hope this helps.
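To make the two points in this thread concrete (a refresh token is issued only when `offline_access` is in the requested scope, and AADSTS65001 means consent is still missing), here is an added Python example. It is not code from the original thread or from Microsoft; it builds the v2.0 ROPC request body discussed above and classifies constructed sample responses offline, so no request is actually sent. All client, user and token values are placeholders.

```python
import json
from urllib.parse import urlencode

# Endpoint shape from the thread; "tenant-id" is the placeholder used there.
TOKEN_URL = "https://login.microsoftonline.com/tenant-id/oauth2/v2.0/token"


def build_ropc_body(client_id, client_secret, username, password, scope):
    """Return the form-encoded body for a v2.0 grant_type=password request.

    The v2.0 endpoint issues a refresh_token only when 'offline_access' is among
    the requested scopes, so it is appended if the caller left it out.
    In real use, load client_secret and password from a secret store, not literals.
    """
    scopes = scope.split()
    if "offline_access" not in scopes:
        scopes.append("offline_access")
    return urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "password",
        "scope": " ".join(scopes),
        "username": username,
        "password": password,
    })


def classify_token_response(raw_json):
    """Classify a /token response body into one of:
      ("ok_with_refresh", None)             refresh_token present
      ("ok_no_refresh", None)               access token only (offline_access missing)
      ("consent_required", "AADSTS65001")   user/admin consent not granted
      ("error", <code>)                     any other error
    """
    data = json.loads(raw_json)
    if "error" in data:
        desc = data.get("error_description", "")
        # AAD puts the AADSTS code at the start of error_description.
        code = desc.split(":", 1)[0].strip() if desc.startswith("AADSTS") else data["error"]
        return ("consent_required", code) if code == "AADSTS65001" else ("error", code)
    if data.get("refresh_token"):
        return ("ok_with_refresh", None)
    return ("ok_no_refresh", None)


# Constructed sample responses (placeholders, not real tokens or IDs).
SAMPLE_NO_REFRESH = json.dumps({
    "token_type": "Bearer", "scope": "User.Read",
    "expires_in": 3599, "ext_expires_in": 3599,
    "access_token": "<access-token-placeholder>",
})
SAMPLE_WITH_REFRESH = json.dumps({
    "token_type": "Bearer", "scope": "User.Read offline_access",
    "expires_in": 3599, "ext_expires_in": 3599,
    "access_token": "<access-token-placeholder>",
    "refresh_token": "<refresh-token-placeholder>",
})
SAMPLE_CONSENT_ERROR = json.dumps({
    "error": "invalid_grant",
    "error_description": "AADSTS65001: The user or administrator has not consented "
                         "to use the application with ID '<app-id>' named '<app-name>'. "
                         "Send an interactive authorization request for this user and "
                         "resource.\r\nTrace ID: <trace-id-placeholder>",
})

if __name__ == "__main__":
    body = build_ropc_body("<client-id>", "<client-secret>", "<user>", "<password>", "User.Read")
    print("POST", TOKEN_URL)
    print("body:", body)
    for name, sample in [("no offline_access", SAMPLE_NO_REFRESH),
                         ("with offline_access", SAMPLE_WITH_REFRESH),
                         ("consent missing", SAMPLE_CONSENT_ERROR)]:
        print(f"{name}: {classify_token_response(sample)}")
```

The first sample reproduces what the reporter saw (a valid Bearer token with no `refresh_token`), the second shows the shape once `offline_access` is requested, and the third is the consent error that appears until a Global Administrator grants consent in the portal.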
Thank you very much.
I solved this problem. :)
@sub318 Great! Hope the steps helped you.
We are closing this thread now, but do reach out to us in case you have any more queries around this.