I want to integrate with Microsoft Outlook. I am able to log in with MSAL.js and get an access token, but I am not able to get a refresh token. Is there a way to do it?
3 Answers
I'll assume that, since you're using MSAL.js (https://github.com/AzureAD/microsoft-authentication-library-for-js), you're using implicit flow for authentication and authorization.
Implicit flow doesn't support refresh tokens, but you can request a new token silently. This is done similarly to how you request the token (id or access) in the first place. Unfortunately, I haven't found that MSAL.js does this transparently and I've needed to detect expired tokens and request the new tokens in my code. You can read more about refreshing tokens here.
Alternatively, if what you're implementing allows you to use one of the other MSAL libraries (for example, the .NET one) then you can use one of the other OAuth flows that explicitly support refresh tokens.

Thanks for the answer @nbrowne. Can you review this part of your answer: "Unfortunately, I haven't found that MSAL.js does this transparently.." – spottedmahn Jan 03 '18 at 22:36
I couldn't find any answer in the MSAL.js documentation, however this source code comment suggests you can renew a token manually by passing only the clientId as your scope to `acquireTokenSilent`.
To renew idToken, please pass clientId as the only scope in the Authentication Parameters

@AaronFriedman this comment is correct but I had to set up something to manually do this on a timer or listening to the browser onLine events. – Sandy Chapman Sep 23 '20 at 20:27
When you set this up manually, do you retrieve an access token as well? – afriedman111 Sep 24 '20 at 17:56
Yes, I do a double token acquisition. Do the silent token with the client ID and then another with the regular scope. – Sandy Chapman Sep 24 '20 at 17:58
So just to verify, the scopes should just look like: ['client_id'] – afriedman111 Sep 24 '20 at 18:01
@AaronFriedman IIRC that's all you need assuming client_id is replaced with your actual client ID. – Sandy Chapman Sep 24 '20 at 18:08
It worked. My problem was that I was using the npm package @azure/msal-angular. I switched to the msal package then reimplemented the auth for my project. After implementing a solution for the msal package release version, I was able to get the silent id_token renewal working. Thanks! – afriedman111 Sep 26 '20 at 19:56
@AaronFriedman I had a very similar problem with the React msal library. Switching to the standard msal lib was easier than dealing with the issues. Glad to hear you got it working. – Sandy Chapman Sep 27 '20 at 00:48
Requesting with a scope of your ClientID returns an ID Token (`res.idToken`) but no access token (`res.accessToken`). – PeterM Oct 02 '20 at 22:03
@PeterMark that's right, I had to request with the scope again after acquiring a new id token to get an access token IIRC. – Sandy Chapman Oct 02 '20 at 22:08
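The two answers above describe detecting an expired token yourself and doing a double silent acquisition (clientId scope for the id_token, then the regular scopes for the access token). The following is an added example of that pattern, not code from any of the posters or from the MSAL project. It assumes an msal 1.x `UserAgentApplication`; `createTokenProvider`, `needsRenewal` and the 5-minute margin are hypothetical names and values chosen for illustration.

```javascript
// Added example. `msalApp` is expected to be an msal 1.x UserAgentApplication.
const SKEW_MS = 5 * 60 * 1000; // assumed margin: renew 5 minutes before expiry
// errorCode values on which a silent request cannot succeed without the user.
const INTERACTION_CODES = ['interaction_required', 'login_required', 'consent_required'];

// True when nothing is cached or the cached token expires within the margin.
function needsRenewal(cached, now = Date.now(), skewMs = SKEW_MS) {
  return !cached || !cached.accessToken ||
    cached.expiresOn.getTime() - now <= skewMs;
}

// Returns getAccessToken(); the wrapper keeps the last response in this closure.
function createTokenProvider(msalApp, clientId, apiScopes) {
  let cached = null;  // last AuthResponse obtained for apiScopes
  let pending = null; // in-flight renewal shared by concurrent callers

  async function renew() {
    try {
      // Step 1: clientId as the only scope renews the id_token.
      await msalApp.acquireTokenSilent({ scopes: [clientId] });
      // Step 2: the regular scopes return the access token.
      cached = await msalApp.acquireTokenSilent({ scopes: apiScopes });
    } catch (err) {
      // Anything other than "user interaction needed" is a real failure.
      if (!INTERACTION_CODES.includes(err.errorCode)) throw err;
      cached = await msalApp.acquireTokenPopup({ scopes: apiScopes });
    }
    return cached.accessToken;
  }

  return async function getAccessToken(now = Date.now()) {
    if (!needsRenewal(cached, now)) return cached.accessToken;
    if (!pending) pending = renew().finally(() => { pending = null; });
    return pending;
  };
}
```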
I use msal v1.4.0.
I remove 2 keys in storage (see picture), then call `acquireTokenSilent` again to get a new access token.
Code to remove those 2 keys:
```javascript
// Collect the sessionStorage keys that contain 'authority' (after position 0) and remove them
const keys = Object.keys(sessionStorage).filter(x => x.indexOf('authority') > 0)
keys.forEach(x => sessionStorage.removeItem(x))
```

I don't have issues with 1.4.2. You can try by downloading a sample app from Microsoft at https://github.com/Azure-Samples/active-directory-b2c-javascript-msal-singlepageapp Change the library in index.html to 1.4.2 (it's still 1.4.0 now) then add the codes to remove 2 keys in getTokenPopup() before calling acquireTokenSilent() – qnguyen Oct 28 '20 at 11:29
Hey, could you explain how to call the `acquireTokenSilent` method as well? I'm struggling to find out how to call it. – yesman Nov 25 '20 at 10:43
@yesman create an instance: `const myMSALObj = new Msal.UserAgentApplication(msalConfig)` then `myMSALObj.acquireTokenSilent(request)`. You can see a sample project at https://github.com/Azure-Samples/active-directory-b2c-javascript-msal-singlepageapp There are examples for popup and redirect in JavaScriptSPA folder (authPopup.js and authRedirect.js) – qnguyen Nov 26 '20 at 22:18