Azure B2C - After 60 mins getting the new ID Token, Access Token with new Refresh Token

  • Question

  • Dear All, 

    We have followed and configured the B2C asp.net core application and it works perfectly. 

    Now, the problem is that after the token lifetime expires, the application raises a runtime exception. We want to get these tokens again.

    Please let me know how to achieve this so we can avoid making the user log in manually.

    Thanks

    Selvakumar Rathinam

    Monday, August 12, 2019 10:00 AM

All replies

  • Hey Selvakumar,

    Can you provide the actual runtime error you're getting? Which sample are you following and which libraries are you using to get these access tokens? 

    The wikis on how to do this can be found here:

    https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/AAD-B2C-specifics

    https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/AcquireTokenSilentAsync-using-a-cached-token

    • Proposed as answer by Frank Hu MSFT Monday, August 12, 2019 4:23 PM
    Monday, August 12, 2019 4:23 PM
  • We are using the code below to get the refresh token and ID token, which is expected to refresh the token every time before it expires, but that is not happening.

        public async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedContext context)
        {
            // Use MSAL to swap the code for an access token
            // Extract the code from the response notification
            var code = context.ProtocolMessage.Code;

            string signedInUserID = context.Principal.FindFirst(ClaimTypes.NameIdentifier).Value;
            IConfidentialClientApplication cca = ConfidentialClientApplicationBuilder.Create(AzureAdB2COptions.ClientId)
                .WithB2CAuthority(AzureAdB2COptions.Authority)
                .WithRedirectUri(AzureAdB2COptions.RedirectUri)
                .WithClientSecret(AzureAdB2COptions.ClientSecret)
                .Build();
            // Attach the per-user token cache so MSAL stores the tokens it receives
            new MSALStaticCache(signedInUserID, context.HttpContext).EnablePersistence(cca.UserTokenCache);

            try
            {
                AuthenticationResult result = await cca.AcquireTokenByAuthorizationCode(AzureAdB2COptions.ApiScopes.Split(' '), code)
                    .ExecuteAsync();

                // Write the access token expiry time to a cookie
                string dateTokenExpire = result.ExpiresOn.UtcDateTime.ToString("yyyy/MM/dd HH:mm:ss");
                string cookieNameTokenExpiry = "SsoTokenExpiryDate";
                context.Response.Cookies.Append(cookieNameTokenExpiry, dateTokenExpire);

                DateTimeOffset expiresOn = result.ExpiresOn;

                // Passes both the access token and the ID token to ASP.NET Core
                context.HandleCodeRedemption(result.AccessToken, result.IdToken);

                // Copy the access token, its expiry and the user's standard claims onto the principal
                ((ClaimsIdentity)context.Principal.Identity).AddClaim(new Claim("AccessToken", result.AccessToken));
                ((ClaimsIdentity)context.Principal.Identity).AddClaim(new Claim(Constants.CLaimName.ExpiresAt, expiresOn.UtcDateTime.ToString()));
                IEnumerable<Claim> claims = await GetUserStandardClaims(context.Principal.FindFirst(Constants.CLaimName.Email).Value, result.AccessToken);
                if (claims.ToList().Any()) ((ClaimsIdentity)context.Principal.Identity).AddClaims(claims);

                context.HandleCodeRedemption();
            }
            catch (Exception ex)
            {
                //TODO: Handle
                throw;
            }
        }

     

    Selvakumar Rathinam

    Monday, August 19, 2019 7:06 AM
  •     context.HandleCodeRedemption();

     ---- Above code 

        // Do not share the access token with ASP.NET Core otherwise ASP.NET will cache it
        // and will not send the OAuth 2.0 request in case a further call to
        // AcquireTokenByAuthorizationCode in the future for incremental consent 
        context.HandleCodeRedemption(null, result.IdToken);

    It works perfectly as expected.


    Selvakumar Rathinam

    Monday, August 19, 2019 1:05 PM
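
Added example, not part of the thread or of the Microsoft sample: with the access token no longer handed to ASP.NET Core, a controller action can obtain a current token from the MSAL cache through `AcquireTokenSilent`, which the second wiki link above covers, and fall back to a sign-in challenge only when MSAL reports that interaction is required. It assumes the `AzureAdB2COptions` and `MSALStaticCache` classes used in the posted code; `TokenDemoController` and `ApiUrl` are hypothetical placeholders.

```csharp
using System.Linq;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Identity.Client;

[Authorize]
public class TokenDemoController : Controller // hypothetical controller
{
    private const string ApiUrl = "https://api.example.invalid/hello"; // placeholder
    private static readonly HttpClient Http = new HttpClient();

    public async Task<IActionResult> Index()
    {
        string signedInUserID = User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        if (signedInUserID == null) return Challenge();
        // Build the client exactly as in OnAuthorizationCodeReceived so the
        // tokens cached at sign-in are found again.
        IConfidentialClientApplication cca = ConfidentialClientApplicationBuilder
            .Create(AzureAdB2COptions.ClientId)
            .WithB2CAuthority(AzureAdB2COptions.Authority)
            .WithRedirectUri(AzureAdB2COptions.RedirectUri)
            .WithClientSecret(AzureAdB2COptions.ClientSecret)
            .Build();
        new MSALStaticCache(signedInUserID, HttpContext).EnablePersistence(cca.UserTokenCache);

        IAccount account = (await cca.GetAccountsAsync()).FirstOrDefault();
        if (account == null) return Challenge(); // nothing cached for this user
        try
        {
            // Served from the cache while the access token is valid; after it
            // expires MSAL redeems the cached refresh token for a new one.
            AuthenticationResult result = await cca
                .AcquireTokenSilent(AzureAdB2COptions.ApiScopes.Split(' '), account)
                .ExecuteAsync();
            var request = new HttpRequestMessage(HttpMethod.Get, ApiUrl);
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
            HttpResponseMessage response = await Http.SendAsync(request);
            return Content(await response.Content.ReadAsStringAsync());
        }
        catch (MsalUiRequiredException)
        {
            return Challenge(); // refresh token missing, expired or revoked
        }
    }
}
```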