SOLVED

Send refresh token to backend

Hi,

I have developed a basic SPA Teams app, using teamsFx.login() to get an access token.

I would like to call sendActivityNotification() from time to time, from my backend, using a delegated permission.

It seems like to do this, I would need to send a refresh token to my backend, so that it can fetch a new access token whenever one is needed to send an activity notification.

Could you tell me how to get a refresh token in the SPA? It seems like TeamsFx and MSAL.js PublicClientApplication only provide the access token, not the refresh token.

Thanks!

3 Replies

@keithfable - Thanks for reporting your issue.
We will check this at our end and will get back to you.

Meanwhile, we found a related thread; please have a look at it: teams toolkit - How to refresh id-token using @microsoft/teamsfx - Stack Overflow
Hope it's helpful.

@keithfable - Single-page applications using the authorization code flow with PKCE always have a refresh token lifetime of 24 hours while mobile apps, desktop apps, and web apps.

In MSAL, you can get access tokens for the APIs your app needs to call using the acquireToken* methods provided by the library. The acquireToken* methods abstract away the 2 steps involved in acquiring tokens with the OAuth 2.0 authorization code flow:

  1. make a request to Azure AD to obtain an authorization code
  2. exchange that code for an access token containing the user-consented scopes.

Reference docs:

  1. Acquire a token to call a web API (single-page apps) - Microsoft Entra | Microsoft Learn
  2. microsoft-authentication-library-for-js/acquire-token.md at dev · AzureAD/microsoft-authentication-l...

best response confirmed by keithfable (Brass Contributor)
Solution

I fixed this by implementing the On-Behalf-Of flow, where the front end gets a specific kind of SSO/authorization token and sends it to the backend, which exchanges it for a more permanent token.

It took a while to figure out how to request the SSO token in the front end; it turns out there are two ways to get it:

microsoftTeams.authentication.getAuthToken()

or

teamsFx.getCredential().getToken([]); // an empty scopes array

On the backend I use the "acquire on behalf of" method and pass in the auth/SSO token, and exchange it for a permanent access token. I use a TokenCache to store the refresh and access tokens for each user in the database.
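The backend half of the On-Behalf-Of exchange described in the accepted answer, as an added example that is not the poster's code: it checks the SSO token's audience, tenant and expiry, then builds the token-endpoint request with offline_access so the response includes a refresh token. The cfg object, the cacheKey format, the sampleToken helper and the TeamsActivity.Send scope are assumptions, and signature validation of the incoming token is assumed to happen elsewhere.

```javascript
// Added example. All IDs, secrets and tokens are constructed placeholders.
// Signature validation against the tenant's published keys is assumed to
// happen before this code and is not shown.
const OBO_GRANT = "urn:ietf:params:oauth:grant-type:jwt-bearer";

// Decode the JWT payload for inspection only (no signature check here).
function decodeClaims(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Refuse tokens that were not issued for this backend, tenant, or time window.
function checkSsoToken(jwt, cfg, nowSec) {
  const c = decodeClaims(jwt);
  const allowed = [cfg.clientId, cfg.appIdUri].filter(Boolean);
  if (!allowed.includes(c.aud)) throw new Error("wrong audience");
  if (c.tid !== cfg.tenantId) throw new Error("wrong tenant");
  if (typeof c.exp !== "number" || c.exp <= nowSec) throw new Error("token expired");
  if (!c.oid) throw new Error("missing oid");
  return c;
}

// Build the token-endpoint request for the on-behalf-of exchange.
// offline_access is what makes the response include a refresh token.
function buildOboRequest(jwt, cfg, scopes, nowSec = Math.floor(Date.now() / 1000)) {
  const claims = checkSsoToken(jwt, cfg, nowSec);
  const body = new URLSearchParams({
    grant_type: OBO_GRANT,
    client_id: cfg.clientId,
    client_secret: cfg.clientSecret, // stays on the server, never in the SPA
    assertion: jwt,
    requested_token_use: "on_behalf_of",
    scope: [...new Set([...scopes, "offline_access"])].join(" "),
  });
  return {
    url: `https://login.microsoftonline.com/${cfg.tenantId}/oauth2/v2.0/token`,
    body: body.toString(),
    cacheKey: `${claims.tid}.${claims.oid}`, // per-user key for the token cache
  };
}

// Constructed sample input: a token carrying only the claims used above.
function sampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.constructed-sig`;
}
```

The body is sent as an application/x-www-form-urlencoded POST to the returned url; the tokens in the response are what the per-user cache stores under cacheKey.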
