Microsoft Identity Refresh Bearer Token


I am using the MS Entra ID Identity framework to obtain a bearer token from a desktop application (Windows, .NET 4.8). The token is used to log in to various MS services, e.g. SharePoint, Graph Explorer, etc. The code to get the bearer token is as follows:

    using System.IdentityModel.Tokens.Jwt;
    using Microsoft.Identity.Client;

    // scopes, AzureAppId, AzureTenant and UserPrincipal are set elsewhere in the app
    AuthenticationResult Token = null;
    this.ClientApp = (PublicClientApplication)PublicClientApplicationBuilder.Create(this.AzureAppId)
        .WithDefaultRedirectUri()
        .WithAuthority(AzureCloudInstance.AzurePublic, this.AzureTenant)
        .Build();

    // Interactive sign-in in an embedded web view, pre-filling the user's UPN
    Token = await ClientApp.AcquireTokenInteractive(scopes)
        .WithPrompt(Prompt.SelectAccount)
        .WithParentActivityOrWindow(GetActiveWindow())
        .WithUseEmbeddedWebView(true)
        .WithLoginHint(this.UserPrincipal)
        .ExecuteAsync();

    // Decode the access token to inspect its claims (no signature validation here)
    var accessToken = new JwtSecurityToken(Token.AccessToken);

The above works fine to get a token, an example of which can be seen below:

    {
      "aud": "https://smith.sharepoint.com",
      "iss": "https://sts.windows.net/241c2f02-4073-4f03-a65c-7fs98df79s/",
      "iat": 1708340625,
      "nbf": 1708340625,
      "exp": 1708344648,
      "acr": "1",
      "aio": "ATQAy/8WAAAAwKrJ5m4ksdTPPDCj6yEjabUUML2CPVr5+BpgPI4PiRQ0yhwHtn9V92z6TCYz89EI",
      "amr": [
        "pwd",
        "rsa"
      ],
      "app_displayname": "Model Gen for Visio (MG4V)",
      "appid": "6d0d7d48-22aa-4ca2-9aba-7fs98df79s",
      "appidacr": "0",
      "deviceid": "b9b110cf-6c2a-4ee2-9f57-7fs98df79s",
      "family_name": "Smith",
      "given_name": "John",
      "idtyp": "user",
      "ipaddr": "114.76.XXX.XXX",
      "name": "John Smith",
      "oid": "3403db6b-c7fa-458f-8e94-7fs98df79s",
      "puid": "10032001608CEB31",
      "rh": "0.AUEAAi8cJHNAA0-mXNVTRH7UmwMAAAAAAPEPzgAAAAAAAABBALw.",
      "scp": "AllSites.Write Application.Read.All EnterpriseResource.Write Mail.Read MyFiles.Write Project.Write User.Read User.Read.All User.ReadBasic.All",
      "sid": "62f6ac6f-1c60-4256-a90a-7fs98df79s",
      "signin_state": [
        "kmsi"
      ],
      "sub": "YzsnKftWdjLMsHbGO0F-l9mr-7fs98df79s",
      "tid": "241c2f02-4073-4f03-a65c-7fs98df79s",
      "unique_name": "[email protected]",
      "upn": "[email protected]",
      "uti": "NLRbXlWCrk-oBbwRLDIGAA",
      "ver": "1.0",
      "wids": [
        "ac16e43d-7b2d-40e0-ac05-7fs98df79s"
      ]
    }

However, there doesn't seem to be any refresh token claim in the payload.

I can see that "PublicClientApplication" implements the "IByRefreshToken" interface, which supports token refresh via "AcquireTokenByRefreshToken"; however, I cannot see where the refresh token is sourced from (it does not seem to be returned in the "AcquireTokenInteractive" call, possibly because it is missing as a claim in the JWT).

Any assistance / pointers would be gratefully received.


There are 0 answers
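Added example, not part of the original question or its (absent) answers. A refresh token is never a claim inside an access token; the access token is what the resource (here SharePoint) validates, and the refresh token is a separate credential that only the token issuer ever sees. MSAL.NET deliberately does not expose it on `AuthenticationResult` either: it stores the refresh token in its own token cache and uses it internally when `AcquireTokenSilent` finds an expired access token. `AcquireTokenByRefreshToken` on `IByRefreshToken` is for migrating a refresh token that was obtained by another library (for example ADAL), not for day-to-day renewal. The following sketch shows the usual pattern for a .NET Framework desktop app: try the cache first, fall back to the interactive flow, and persist the cache encrypted with DPAPI, since the refresh token inside it is a long-lived credential for the user. `TokenBroker`, `GetTokenAsync`, the cache file path and the DPAPI wrapping are assumptions made for this example; MSAL 4.x and a reference to `System.Security` (for `ProtectedData`) are assumed.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

// Added example (not the question's code). Assumes MSAL.NET 4.x on .NET Framework 4.8
// and a System.Security reference for ProtectedData (DPAPI). TokenBroker and the
// cache-file handling are illustrative names, not MSAL APIs.
public sealed class TokenBroker
{
    private readonly IPublicClientApplication _app;
    private readonly string _cachePath;   // e.g. %LOCALAPPDATA%\MyApp\msal.cache (assumption)
    private readonly string _loginHint;

    public TokenBroker(string appId, string tenant, string loginHint, string cachePath)
    {
        _loginHint = loginHint;
        _cachePath = cachePath;
        _app = PublicClientApplicationBuilder.Create(appId)
            .WithDefaultRedirectUri()
            .WithAuthority(AzureCloudInstance.AzurePublic, tenant)
            .Build();

        // MSAL keeps refresh tokens inside its own cache; they are never returned as a
        // claim in the access token or on AuthenticationResult. Persisting the cache
        // (encrypted for the current Windows user) lets silent renewal survive restarts.
        _app.UserTokenCache.SetBeforeAccess(BeforeCacheAccess);
        _app.UserTokenCache.SetAfterAccess(AfterCacheAccess);
    }

    // Load the DPAPI-protected cache blob before MSAL reads from the cache.
    private void BeforeCacheAccess(TokenCacheNotificationArgs args)
    {
        if (!File.Exists(_cachePath)) return;
        byte[] protectedBytes = File.ReadAllBytes(_cachePath);
        byte[] plain = ProtectedData.Unprotect(protectedBytes, null, DataProtectionScope.CurrentUser);
        args.TokenCache.DeserializeMsalV3(plain);
    }

    // Write the cache back only when MSAL changed it (new tokens, rotated refresh token).
    private void AfterCacheAccess(TokenCacheNotificationArgs args)
    {
        if (!args.HasStateChanged) return;
        byte[] plain = args.TokenCache.SerializeMsalV3();
        byte[] protectedBytes = ProtectedData.Protect(plain, null, DataProtectionScope.CurrentUser);
        File.WriteAllBytes(_cachePath, protectedBytes);
    }

    // Returns a valid access token for the requested scopes, prompting only when needed.
    public async Task<AuthenticationResult> GetTokenAsync(string[] scopes, IntPtr parentWindow)
    {
        IAccount account = (await _app.GetAccountsAsync()).FirstOrDefault();
        if (account == null)
        {
            // Nothing cached yet for this app: first sign-in has to be interactive.
            return await AcquireInteractiveAsync(scopes, parentWindow);
        }

        try
        {
            // Cached access token if still valid; otherwise MSAL redeems the stored
            // refresh token for a new one without showing any UI.
            return await _app.AcquireTokenSilent(scopes, account).ExecuteAsync();
        }
        catch (MsalUiRequiredException)
        {
            // Refresh token expired or revoked, or new consent is required:
            // fall back to the interactive flow once, then the cache covers later calls.
            return await AcquireInteractiveAsync(scopes, parentWindow);
        }
    }

    private Task<AuthenticationResult> AcquireInteractiveAsync(string[] scopes, IntPtr parentWindow)
    {
        return _app.AcquireTokenInteractive(scopes)
            .WithPrompt(Prompt.SelectAccount)
            .WithParentActivityOrWindow(parentWindow)
            .WithUseEmbeddedWebView(true)
            .WithLoginHint(_loginHint)
            .ExecuteAsync();
    }
}
```

Usage is `var result = await broker.GetTokenAsync(scopes, windowHandle);` on every call that needs a token, rather than calling `AcquireTokenInteractive` directly; `result.AccessToken` is the bearer token to send to the resource. Request only the scopes each call needs (the token in the question carries `Application.Read.All` and `User.Read.All` alongside the SharePoint scopes, which a single resource call rarely needs), and treat the cache file with the same care as a password store: it is readable only by the same Windows user thanks to `DataProtectionScope.CurrentUser`, but any code running as that user can decrypt it.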