Refresh auth token for MS Graph with C#

Question

How to refresh Authentication token for Microsoft Graph using Microsoft Graph .NET Client Library or other using C#?

What I am currently doing is keeping token in the static class:

public class TokenKeeper
{
    public static string token = null;
    public static string AcquireToken()
    {
        if (token == null || token.IsEmpty())
        {
            throw new Exception("Authorization Required.");
        }
        return token;
    }
    public static void Clear()
    {
        token = null;
    }
}

I fill in the token in Startup class:

public partial class Startup
{
    private static string AppKey = CloudConfigurationManager.GetSetting("ida:Password");
    private static string aadInstance = CloudConfigurationManager.GetSetting("ida:AADInstance");
    private static string TenantName = CloudConfigurationManager.GetSetting("ida:Tenant");
    private static string Authority = String.Format(CultureInfo.InvariantCulture, aadInstance, TenantName);
    private static string graphResourceId = CloudConfigurationManager.GetSetting("ida:GraphUrl");
    private BpContext db = new BpContext();

    public void Configuration(IAppBuilder app)
    {
        ConfigureAuth(app);
    }

    public void ConfigureAuth(IAppBuilder app)
    {
        string ClientId = CloudConfigurationManager.GetSetting("ida:ClientID");
        string Authority = "https://login.microsoftonline.com/common/";

        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = ClientId,
                Authority = Authority,
                Scope = "User.ReadBasic.All",
                //Details omitted
                    AuthorizationCodeReceived = (context) =>
                    {
                        var code = context.Code;
                        // Create a Client Credential Using an Application Key
                        ClientCredential credential = new ClientCredential(ClientId, AppKey);
                        string userObjectID = context.AuthenticationTicket.Identity.FindFirst(
                            "http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
                        AuthenticationContext authContext = new AuthenticationContext(Authority, new NaiveSessionCache(userObjectID));
                        AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(
                            code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, graphResourceId);                    
                        TokenKeeper.token = result.AccessToken;

                        return Task.FromResult(0);
                    }
                     //Details omitted
                }
            });
    }
}

I also clear the token on Sign Out.

Answer 1

The AuthenticationResult object contains both access token and refresh token. So, the refresh token can also be persisted in TokenKeeper similar to access token. When access token expires (indicated by AuthenticationResult.ExpiresOn), use the refresh token with AuthenticationContext.AcquireTokenByRefreshToken method to get new access token.

If you don't want to track refresh tokens explicitly, please refer to ADAL Cache to know how ADAL library can do it for you.

Answer 2

You can refresh access token by providing RefreshToken which you received alongside AccessToken. Since you have ID/Secret available in you code you can use them to provide ClientCredential. Code example would be:

var authContext = new AuthenticationContext(" https://login.microsoftonline.com/common ");
var result = authContext.AcquireTokenByRefreshToken(refreshToken, new ClientCredential(ClientId, AppKey));