Forum Discussion

keithfable's avatar
keithfable
Brass Contributor
Feb 17, 2023

Send refresh token to backend

Hi,

 

I have developed a basic SPA teams app, using teamsFx.login() to get an access token.

 

I would like to call sendActivityNotification() from time to time, from my backend, using a delegated permission.

 

It seems like to do this, I would need to send a refresh token to my backend, so that it can fetch a new access token whenever one is needed to send an activity notification.

 

Could you tell me how to get a refresh token in the SPA?  It seems like teamsFX and MSAL.js PublicClientApplication only provide the access token, not the refresh token.

 

Thanks!

  • I fixed this by implementing the On-Behalf-Of flow where the front end gets a specific kind of SSO/authorization token, and sends it to the backend, which exchanges it for a more permanent token.

     

    It took a while to figure out how to request the SSO token in the front end, it turns out there are two ways to get it:

     

    microsoftTeams.authentication.getAuthToken()

     

    or 

     

    teamsFx.getCredential().getToken([]); // an empty scopes array

     

    On the backend I use the "acquire on behalf of" method and pass in the auth/SSO token, and exchange it for a permanent access token.  I use a TokenCache to store the refresh and access tokens for each user in the database.

Resources