[英]Not able to get new refresh token from azure AD with grant type refresh_token called with old refresh token
I am using Azure Service management API and OAuth API for generating Access token. 我使用Azure服务管理API和OAuth API来生成访问令牌。 But while making the call for grant type "refresh_token", to refresh access token it returns new access token but that response does not has new refresh token.
但是在调用grant类型“refresh_token”时,要刷新访问令牌,它会返回新的访问令牌,但该响应没有新的刷新令牌。 So I have to use old refresh token for refreshing access token.
所以我必须使用旧的刷新令牌来刷新访问令牌。 And the problem is after 5-6 hours, refreshing token returns error invalid_client(Error validating credentials. Invalid client secret is provided).
问题是5-6小时后,刷新令牌返回错误invalid_client(验证凭据时出错。提供了无效的客户端密钥)。 In other cases like Office 365 app authentication via Azure AD it returns everything.
在其他情况下,例如通过Azure AD进行Office 365应用程序身份验
Is there is any specific parameter or header that I have to pass with the API call ? 我必须通过API调用传递任何特定参数或标头吗?
Below is the screenshot of my code 以下是我的代码的屏幕截图
Please help. 请帮忙。
Thanks in advance 提前致谢
If you use the v2 endpoint scopes are requested dynamically and a refresh token must be requested using "offline_access" scope. 如果使用v2端点,则动态请求范围,并且必须使用“offline_access”范围请求刷新令牌。 This is much different than in the v1 model, where scopes are pre-registered with the app registration and a refresh token is always returned w/o explicit scope.
这与v1模型有很大不同,后者在应用程序注册中预先注册了作用域,并且总是在没有显式作用域的情况下返回刷新令牌。 If you're using v1 & you don't get refresh token, it might be due to restricted security policy about refresh tokens by your ADFS provider, which is not sending back a refresh token to the API calling the OAuth authentication and authorization.
如果您正在使用v1而您没有获得刷新令牌,则可能是由于ADFS提供程序对刷新令牌的安全策略有限,而不是向调用OAuth身份验证和授权的API发回刷新令牌。
This is security enhancement/block to disable your application not to hold a lifetime refresh token that can be lived forever (if refreshed). 这是安全性增强/阻止,以禁止您的应用程序不持有可永久存在的生命周期刷新令牌(如果刷新)。
So if you can use v2 endpoint - use offline_access scope. 因此,如果您可以使用v2端点 - 请使用offline_access范围。 Otherwise check security policies with you ADFS provider.
否则,请与ADFS提供商一起检查安全策略。
I run into the same problem as you & gathered most of the information that helped to answer this question from here: https://stackoverflow.com/a/44813531/4446128 . 我遇到了和你一样的问题并从这里收集了大部分有助于回答这个问题的信息: https : //stackoverflow.com/a/44813531/4446128 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.