Get a refresh token of an SPA application using Microsoft Entra (Azure AD)

I have registered an application in Microsoft Entra as an SPA multi-tenant application with the permissions Files.ReadWrite, offline_access and User.Read.

I use the MSAL library in my frontend. I am able to get an access token with the loginPopup method provided by the library.

const microsoftLogin = async () => {
    // instance is the MSAL PublicClientApplication, loginRequest the request object ({ scopes: [...] })
    const loginResponse = await instance.loginPopup(loginRequest).catch((e) => {
      console.log(e); // on failure loginResponse is undefined
    });
    // AuthenticationResult: accessToken, idToken, account, tenantId, expiresOn (no refresh token field)
    console.log(JSON.stringify(loginResponse));
  };

Now I also need to get a refresh token so that I can use it to get a new access token at any later point in time. The method doesn't provide any authCode or refreshToken in the response. I am retrieving the access token via sessionStorage, where Microsoft saves values with the key

UNIQUEID+"."+loginResponse.tenantId+"-login.windows.net-refreshtoken-"+MICROSOFT_CLIENT_ID+"----"

However, I am not able to get an access token with that either. I tried the API via Postman. I don't have a client secret.

What do I need to do in order to get a refresh_token, and then get an access token via the refresh_token, with an SPA-configured application? Do I need to change anything in my Entra application?

asked by akaparadox, edited by Rukmini
  • What headers are you passing? – Rukmini
  • All are auto-generated headers. Content-Type is application/x-www-form-urlencoded. – akaparadox
  • You have to pass Origin: your redirect URL as a header to resolve the error. – Rukmini
  • @Rukmini Thank you very much, it worked. I read that the validity of a refresh token is 24 hours for SPA and 90 days for web. What will be the validity of this refresh token? Can I use the refresh token to generate tokens for 90 days? – akaparadox
  • stackoverflow.com/questions/78707843/… check this – Rukmini

1 Answer


The error "AADSTS9002327: Tokens issued for the 'Single-Page Application' client-type may only be redeemed via cross-origin requests" usually occurs if you are not passing the Origin header in the request.

To generate access and refresh tokens for an SPA application, check the below:

Created a Microsoft Entra ID application and configured the redirect URL under the SPA platform.

Used the below endpoint to sign in the user and generate the authorization code:

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?
response_type=code
&client_id=ClientID
&scope=Files.ReadWrite offline_access User.Read
&redirect_uri=https://jwt.ms
&code_challenge=XXX
&code_challenge_method=S256

Generated access and refresh tokens by passing the below parameters:

https://login.microsoftonline.com/common/oauth2/v2.0/token

client_id : ClientID
grant_type : authorization_code
code : code
redirect_uri : https://jwt.ms
code_verifier : xxx  // the PKCE verifier string whose S256 hash is the code_challenge sent above, not the literal "S256"
scope : Files.ReadWrite offline_access User.Read

Make sure to pass the Origin header (value is the redirect URL), e.g. Origin: https://jwt.ms

To refresh the access token, make use of the below parameters:

https://login.microsoftonline.com/common/oauth2/v2.0/token

client_id : appID
grant_type : refresh_token
refresh_token : xxx  // paste the refresh token that you got above

Make sure to pass the Origin header here as well (value is the redirect URL), e.g. Origin: https://jwt.ms

I am able to successfully refresh the access token.

Tags: Get a refresh token of an SPA application using Microsoft Entra (Azure AD), Stack Overflow