In my current project, I created a service to get a token from Microsoft Graph. The response from Microsoft looks like this.

{
    "token_type": "Bearer",
    "scope": "User.Read",
    "expires_in": 4041,
    "ext_expires_in": 4041,
    "access_token": "${token}",
    "refresh_token": "${refresh token}",
    "id_token": "${id token}"
}

I created a class to serialize responses from Microsoft.

@Setter
@Getter
@Accessors(chain = true)
@JsonNaming(PropertyNamingStrategies.SnakeCaseStrategy.class)
public class ResponseMicrosoftAuthDto {
    private String tokenType;
    private String scope;
    private int expiresIn;
    private int extExpiresIn;
    private String accessToken;
    private String refreshToken;
    private String idToken;
}

In my service, I make a request using RestTemplate.

public ResponseMicrosoftAuthDto loginToMicrosoftGraph(String username, String password) {
    var url = "https://login.microsoftonline.com/${tenant id}/oauth2/v2.0/token";
    HttpEntity<MultiValueMap<String, String>> requestEntity = createLoginMicrosoftRequest(username, password);

    var restTemplate = new RestTemplate();

    return restTemplate.postForObject(url, requestEntity, ResponseMicrosoftAuthDto.class);
}

I don't know why the refresh_token and id_token are null.

1 Answer

I know the answer to this question: I didn't get the refresh token because I didn't add the offline_access scope to my request.

public MultiValueMap<String, String> createBody(String username, String password) {
    var clientId = "${client id}";
    var clientSecret = "${client secret}";
    var scope = "User.Read Mail.ReadWrite Mail.Send Calendars.ReadWrite Calendars.ReadWrite.Shared offline_access";
    var grantType = "password";

    MultiValueMap<String, String> body = new LinkedMultiValueMap<>();
    body.add("client_id", clientId);
    body.add("scope", scope);
    body.add("client_secret", clientSecret);
    body.add("grant_type", grantType);
    body.add("username", username);
    body.add("password", password);

    return body;
}
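
Added example, not part of the original question or answer: a check that turns a null refresh_token or id_token into a message naming the scope missing from the request, instead of passing nulls on to callers. It assumes, per the Microsoft identity platform documentation, that id_token is issued only when openid is in the requested scope; the class and method names are hypothetical and the sample response is constructed.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Hypothetical helper (not from the post): explains null tokens in a v2.0 token response.
public class TokenResponseCheck {

    // Response field -> scope that must be in the request for that field to be issued.
    private static final Map<String, String> REQUIRED_SCOPE = Map.of(
            "refresh_token", "offline_access",
            "id_token", "openid"); // assumption stated in the lead-in

    // requestedScope is the space-delimited "scope" form value; response is the parsed JSON body.
    public static List<String> diagnose(String requestedScope, Map<String, String> response) {
        Set<String> requested = new HashSet<>(Arrays.asList(requestedScope.trim().split("\\s+")));
        List<String> findings = new ArrayList<>();
        for (Map.Entry<String, String> rule : REQUIRED_SCOPE.entrySet()) {
            String value = response.get(rule.getKey());
            boolean missing = value == null || value.isEmpty();
            if (missing && !requested.contains(rule.getValue())) {
                findings.add(rule.getKey() + " is null: add '" + rule.getValue() + "' to scope");
            } else if (missing) {
                findings.add(rule.getKey() + " is null although '" + rule.getValue() + "' was requested");
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed response shaped like the one in the question (token value is a placeholder).
        Map<String, String> response = Map.of(
                "token_type", "Bearer",
                "scope", "User.Read",
                "access_token", "PLACEHOLDER");
        // Request as in the question: neither offline_access nor openid was asked for.
        diagnose("User.Read", response).forEach(System.out::println);
        // Request as in the answer: offline_access is present, openid is still absent.
        diagnose("User.Read offline_access", response).forEach(System.out::println);
    }
}
```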