MSGraph Refresh token invalid

Question

Hello,

We are integrating on our application the O365 functionality throught MSGraph rest api and we are currently getting trouble with the validation of Refresh Tokens, this is the response error code from the server on a invalid petition:

"error":"invalid_grant","error_description":"AADSTS70002: Error validating credentials. AADSTS70008: The refresh token has expired due to inactivity.??The token was issued on 2016-04-27T11:44:49.4826901Z and was inactive for 14.00:00:00.

This is annoyying because we need the users to aquire their credentials again. 

There is any option to avoid Refresh token being invalidated due to inactivity?

Is there any way to make longer this expiration?

Answer 1

Hello,

We are checking on the query and would get back to you soon on this.
I apologize for the inconvenience and appreciate your time and patience in this matter.

Regards,
Neelesh

Answer 2

It will depend upon your first call to get authenticated.  You should get back a refresh token from ADAL returned when you make an authorize request for the user. 

AuthenticationContext authenticationContext = new AuthenticationContext(Constants.AuthString, false);
                AuthenticationResult userAuthnResult = authenticationContext.AcquireToken(Constants.ResourceUrl,
                    Constants.ClientIdForUserAuthn, redirectUri, PromptBehavior.Always);

If you examine the AuthenticationResult object, you will notice that it contains a refresh token. 

You can look at the following article ADAL, Windows Azure AD and Multi-Resource Refresh Tokens:

ADAL, Windows Azure AD and Multi-Resource Refresh Tokens

That provides more information. 

If you require more assistance with this issue, it may be best to create an Azure Developer support case using the Azure Management portal.  At that point, we can gather information that is more specific to your tenant and that information is not appropriate to share on a public forum.

Regards,

~ MIMUSH (MSFTE)