Generating a Refresh Token
Perform the following steps to generate the Refresh Token:
- Obtain the authorization code using the following request. This process involves user consent.
client_id=<clientId>
&response_type=code
&redirect_uri=<redirect_uri>
&response_mode=query
&scope=offline_access%20https://graph.microsoft.com/.default
&state=<randomnumber>
Parameter details:
client_id
Client ID of the registered application.
response_type
To request an authorization code, the value must be code.
redirect_uri
This must be the redirect URI configured while registering the application. It should point to localhost and any unused port.
response_mode
To receive the code as a query string parameter on your redirect URI, the value must be query.
scope
Multiple scopes can be added here to define the required API.
The default added scope is https://graph.microsoft.com/.default.
The refreshToken parameter is also required for configuration, so the offline_access scope must be added.
state
This can be any random number. The same value is returned along with the authorization code.
The response in the browser address bar is displayed as follows:
https://localhost:44320/?code=OAQABAAIAAAAm-06blBE1TpVMil8KPQ41U9-...&state=1234566&session_state=9557b1f1-0fd8-4e12-a39f-213cfcd12153
Copy the code present between code= and &state.
Note
The received Authorization Code can be used only once and is valid for a short duration.
- Obtain the Refresh Token as follows, using the Auth Code obtained in the above step:
Pass the Auth Code received in the previous step in the following request, along with the other parameters:
POST https://login.microsoftonline.com/{{Your Domain name}}/oauth2/v2.0/token
Content-Type: application/x-www-form-urlencoded

client_id=<client id>
&scope=offline_access%20https://graph.microsoft.com/.default
&code=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq3n8b2JRLk4OxVXr...
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&grant_type=authorization_code
&client_secret=JqQX2PNo9bpM0uEihUPzyrh
Following are the newly added parameters:
code
Authorization code obtained in previous steps.
grant_type
Because you are redeeming the Auth Code, the value must be authorization_code.
client_secret
Client Secret of the registered application.
Response:
{
  "token_type": "Bearer",
  "scope": "https://graph.windows.net/Directory.Read.All https://graph.windows.net/User.Read https://graph.windows.net/.default",
  "expires_in": 7199,
  "ext_expires_in": 7199,
  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IlNzWnNCTmhaY0YzUTlTNHRycFFCVEJ5TlJSSSIsImtpZCI6IlNzWnNCTmhaY0YzUTlTNHRycFFCVEJ5TlJSSSJ9.eyJhdWQiOiJodHRwczovL2dyYXBoLndpbmRvd3MubmV0Iiwia...",
  "refresh_token": "OAQABAAAAAAAm-06blBE1TpVMil8KPQ410LOG6EPVxGfgH8rHUXApUs5fPFtel9FsKTXo2oN8Rw_ngEOpKNt1hfufYyJJnG39XxfscpcW...."
}
Copy the Refresh Token received in the response.
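The two steps above can be scripted so that the state value is unpredictable and is checked before the code is redeemed, instead of copying the code out of the address bar by hand. This is an added Python example, not part of the original page; the function names, client ID, secret and code values are constructed placeholders.

```python
import hmac
import secrets
from urllib.parse import parse_qs, quote, urlencode, urlsplit

SCOPE = "offline_access https://graph.microsoft.com/.default"  # scopes from the page

def build_authorize_query(client_id, redirect_uri):
    """Return (query_string, state) for the authorization request in step 1."""
    state = secrets.token_urlsafe(32)  # unpredictable and unique per request
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": SCOPE,
        "state": state,
    }, quote_via=quote)
    return query, state

def extract_code(redirect_url, expected_state):
    """Parse the address-bar URL and return the code only if state matches."""
    params = parse_qs(urlsplit(redirect_url).query)
    if "error" in params:  # OAuth 2.0 error response instead of a code
        raise ValueError("authorization failed: " + params["error"][0])
    returned = params.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response does not belong to this request")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one non-empty code parameter")
    return codes[0]

def build_token_form(client_id, client_secret, redirect_uri, code):
    """Form body for the POST to the /oauth2/v2.0/token endpoint in step 2."""
    return urlencode({
        "client_id": client_id,
        "scope": SCOPE,
        "code": code,
        "redirect_uri": redirect_uri,
        "grant_type": "authorization_code",
        "client_secret": client_secret,
    }, quote_via=quote)

if __name__ == "__main__":
    # Constructed values: placeholder client ID and a fake redirect response.
    query, state = build_authorize_query("<client-id>", "https://localhost:44320/")
    redirect = f"https://localhost:44320/?code=CONSTRUCTED-CODE&state={state}"
    print(extract_code(redirect, state))
```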