The following forum(s) have migrated to Microsoft Q&A (Preview): Azure Active Directory!
Visit Microsoft Q&A (Preview) to post new questions.

Learn More

 locked
Azure B2C - Refresh token RRS feed

  • Question

  • Dear All, 

    I am using Azure B2C for the authenticating my web application and API. 

    After user logged in the web application I generating the access token using below code to establish the secure communication to my API. the question is How do I refresh the token if it is expired and is this the right way to do. 

     

                    var authContext = new AuthenticationContext(authority,false);
                    var credential = new ClientCredential(appId, appSecret);
                    var authResult = await authContext.AcquireTokenAsync(resourceId, credential);
                    var token = authResult.AccessToken;
                    client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);

    as of now, I am generating the access token for each and every request to the API which I do not wanted do.

    what would be the right way to implement this and how to refresh the access token only if it is got expired. 

     


    Selvakumar Rathinam

    Sunday, June 30, 2019 6:34 AM

All replies

  • The offline_access scope is necessary to obtain a refresh token. When a user logs in the first time, the "offline_access" scope should be present so that a refresh token is returned (along with the id or access token). Then when you want to get a new access token, you need to send the refresh token to the /token endpoint. To learn more about how that is done manually, you can check out the "Refresh the token" section in our documentation.
    Monday, July 1, 2019 10:09 AM