Forum Discussion
Send refresh token to backend
- Feb 23, 2023
I fixed this by implementing the https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow where the front end gets a specific kind of SSO/authorization token, and sends it to the backend, which exchanges it for a more permanent token.
It took a while to figure out how to request the SSO token in the front end; it turns out there are two ways to get it:
microsoftTeams.authentication.getAuthToken()
or
teamsFx.getCredential().getToken([]); // an empty scopes array
On the backend I use the "acquire on behalf of" method and pass in the auth/SSO token, and exchange it for a permanent access token. I use a TokenCache to store the refresh and access tokens for each user in the database.
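The backend half of the exchange described in the post above, as an added example that is not the poster's code: it builds the raw token-endpoint request from the linked on-behalf-of documentation instead of calling a library's "acquire on behalf of" method, and does a cheap audience/expiry pre-check on the incoming SSO token first. The tenant, client ID, secret, expected audience values and the sample token are constructed placeholders, and the function names are hypothetical.

```javascript
// Added example: backend side of the on-behalf-of (OBO) exchange.
// All identifiers and sample values below are constructed placeholders.
const b64url = (obj) =>
  Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

// Constructed, unsigned token standing in for what getAuthToken() returns.
function makeSampleToken(claims) {
  return `${b64url({ alg: "RS256", typ: "JWT" })}.${b64url(claims)}.constructed-signature`;
}

// Decode the payload WITHOUT verifying the signature (pre-check only).
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Reject tokens minted for another app, or already expired, before the exchange.
function precheckSsoToken(token, expectedAudiences, nowSec) {
  const { aud, exp } = decodeJwtPayload(token);
  if (!expectedAudiences.includes(aud)) return { ok: false, reason: "wrong audience" };
  if (typeof exp !== "number" || exp <= nowSec) return { ok: false, reason: "expired" };
  return { ok: true };
}

// Build the POST that swaps the SSO token for tokens to a downstream API.
function buildOboRequest({ tenantId, clientId, clientSecret, ssoToken, scopes }) {
  const body = new URLSearchParams({
    grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
    client_id: clientId,
    client_secret: clientSecret, // stays on the backend, never in the front end
    assertion: ssoToken,
    // offline_access asks for a refresh token alongside the access token
    scope: [...scopes, "offline_access"].join(" "),
    requested_token_use: "on_behalf_of",
  });
  return {
    url: `https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/token`,
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: body.toString(),
  };
}
```

The pre-check only reads claims; it does not replace signature validation of the SSO token on the backend.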
keithfable - Single-page applications using the authorization code flow with PKCE always have a refresh token lifetime of 24 hours while mobile apps, desktop apps, and web apps.
In MSAL, you can get access tokens for the APIs your app needs to call using the acquireToken* methods provided by the library. The acquireToken* methods abstract away the 2 steps involved in acquiring tokens with the OAuth 2.0 authorization code flow:
- make a request to Azure AD to obtain an authorization code
- exchange that code for an access token containing the user consented scopes.
Reference docs:
1. Acquire a token to call a web API (single-page apps) - Microsoft Entra | Microsoft Learn
2. microsoft-authentication-library-for-js/acquire-token.md at dev · AzureAD/microsoft-authentication-library-for-js (github.com)