Generating a Refresh Token
Perform the following steps to generate the Refresh Token:
- Obtain the authorization code using the following request. This process involves user consent.
client_id=<clientId>
&response_type=code
&redirect_uri=<redirect_uri>
&response_mode=query
&scope=offline_access%20https://graph.microsoft.com/.default
&state=<randomnumber>
Parameter details:
client_id: Client ID of the registered application.
response_type: For an authorization code, the value must be code.
redirect_uri: This should be the redirect URI configured while registering the application. It should point to localhost and any unused port.
response_mode: To get the code as a query string parameter on your redirect URI, it should be query.
scope: Multiple scopes can be added here to define the required API.
The default added scope is https://graph.microsoft.com/.default.
The refreshToken parameter is also required for configuration. The offline_access scope must be added.
state: This can be any random number. The same value will be returned along with the authorization code.
The response in the browser address bar is displayed as follows:
https://localhost:44320/?code=OAQABAAIAAAAm-06blBE1TpVMil8KPQ41U9-...&state=1234566&session_state=9557b1f1-0fd8-4e12-a39f-213cfcd12153
Copy the code present between code= and &state.
Note
The received Authorization Code can be used only once and is valid for a short duration.
- Obtain the Refresh Token as follows using the Auth Code obtained in the above step:
The Auth Code received from the previous step must be passed in the following request along with the other parameters:
POST https://login.microsoftonline.com/{{Your Domain name}}/oauth2/v2.0/token
Content-Type: application/x-www-form-urlencoded

client_id=<client id>
&scope=offline_access%20https://graph.microsoft.com/.default
&code=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq3n8b2JRLk4OxVXr...
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&grant_type=authorization_code
&client_secret=JqQX2PNo9bpM0uEihUPzyrh
Following are the newly added parameters:
code: Authorization code obtained in the previous step.
grant_type: As you intend to redeem the Auth Code, it should be authorization_code.
client_secret: Client Secret of the registered application.
Response:
{
"token_type": "Bearer",
"scope": "https://graph.windows.net/Directory.Read.All https://graph.windows.net/User.Read https://graph.windows.net/.default",
"expires_in": 7199,
"ext_expires_in": 7199,
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IlNzWnNCTmhaY0YzUTlTNHRycFFCVEJ5TlJSSSIsImtpZCI6IlNzWnNCTmhaY0YzUTlTNHRycFFCVEJ5TlJSSSJ9.eyJhdWQiOiJodHRwczovL2dyYXBoLndpbmRvd3MubmV0Iiwia...",
"refresh_token": "OAQABAAAAAAAm-06blBE1TpVMil8KPQ410LOG6EPVxGfgH8rHUXApUs5fPFtel9FsKTXo2oN8Rw_ngEOpKNt1hfufYyJJnG39XxfscpcW...."
}
Copy the Refresh Token received in the response.
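The two steps above, as an added Python example that is not part of the original documentation: it builds the authorization query with an unpredictable state, accepts the code from the redirect only when the returned state matches, and builds the token request body. The function names and sample values are assumptions made for this example; the authorization endpoint URL is not given on this page, so only the query string is built.

```python
import hmac
import secrets
from urllib.parse import parse_qs, quote, urlencode, urlsplit

SCOPE = "offline_access https://graph.microsoft.com/.default"  # from the page

def new_state():
    # Unguessable value, so a response can be tied to the request that caused it.
    return secrets.token_urlsafe(16)

def authorization_query(client_id, redirect_uri, state):
    # Query string of the authorization request (step 1), percent-encoded.
    return urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": SCOPE,
        "state": state,
    }, quote_via=quote)

def extract_code(address_bar_url, expected_state):
    # Accept the code only if the returned state matches the one that was sent.
    params = parse_qs(urlsplit(address_bar_url).query)
    returned = params.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch, discard this response")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]

def token_request_body(client_id, client_secret, redirect_uri, code):
    # Form body of the POST to the token endpoint (step 2).
    return urlencode({
        "client_id": client_id,
        "scope": SCOPE,
        "code": code,
        "redirect_uri": redirect_uri,
        "grant_type": "authorization_code",
        "client_secret": client_secret,
    }, quote_via=quote)

if __name__ == "__main__":
    state = new_state()
    print(authorization_query("<clientId>", "https://localhost:44320/", state))
    # Constructed redirect, shaped like the address-bar example on the page.
    url = "https://localhost:44320/?code=SAMPLE-CODE&state=" + state
    code = extract_code(url, state)
    print(token_request_body("<clientId>", "<secret>", "https://localhost:44320/", code))
```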