Azure: How do I get the Refresh Token using Curl when the output of the connection only gives an Access Token?
I am unable to get a Refresh Token using an Azure Service Principal (using Client ID & Client Secret).
Kindly help me in getting the refresh token via CURL and how to use it.
When I run the below CURL command in the Windows CMD prompt, I am getting an Access Token, whereas I am not getting a refresh token along with it.
Am I missing something here?
Input:
```cmd
curl -X POST https://login.microsoftonline.com/12345/oauth2/token ^
  -F grant_type=client_credentials ^
  -F resource=https://management.core.windows.net/ ^
  -F client_id=12345-abcde ^
  -F client_secret=12345abcde
```
Output:
```json
{
  "token_type": "Bearer",
  "expires_in": "3600",
  "ext_expires_in": "3600",
  "expires_on": "1554368330",
  "not_before": "1554364430",
  "resource": "https://management.core.windows.net/",
  "access_token": "XXXXXXXXXXXXX"
}
```
As the output doesn't have a refresh token, how do I get it?
Kindly requesting any possible insights.
Solution 1:[1]
You don't get refresh tokens with client id and secret. It doesn't make sense. Refresh tokens only make sense when a user is involved, since there it allows you to get new tokens without prompting the user to log in again.
You don't need a refresh token. You can get new tokens with client id and secret when you want.
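The approach in Solution 1, as an added example that is not part of the original answer: cache the client-credentials token and request a fresh one shortly before `expires_on`. `ServicePrincipalToken`, `request_token` and the 300-second skew are hypothetical names and values chosen for illustration.

```python
import json
import time
import urllib.parse
import urllib.request

# v1 token endpoint, same shape as in the question; the tenant id is supplied by the caller.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/token"


def request_token(tenant, client_id, client_secret, resource):
    """POST a client_credentials request and return the parsed JSON response."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "resource": resource,
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    url = TOKEN_URL.format(tenant=urllib.parse.quote(tenant, safe=""))
    with urllib.request.urlopen(url, data=form, timeout=10) as resp:
        return json.load(resp)


class ServicePrincipalToken:
    """Hypothetical helper: caches the access token and re-requests it before expiry."""

    def __init__(self, fetch, skew=300, clock=time.time):
        self._fetch = fetch    # zero-argument callable returning the token response dict
        self._skew = skew      # seconds before expires_on at which to renew (assumed value)
        self._clock = clock
        self._token = None
        self._expires_on = 0

    def get(self):
        if self._token is None or self._clock() >= self._expires_on - self._skew:
            resp = self._fetch()
            if "access_token" not in resp or "expires_on" not in resp:
                # Report only the error code; never echo the request or the secret.
                raise RuntimeError("token request failed: %s" % resp.get("error", "unknown"))
            self._token = resp["access_token"]
            self._expires_on = int(resp["expires_on"])  # epoch seconds, sent as a string
        return self._token
```

Build the fetcher with `functools.partial(request_token, tenant, client_id, client_secret, resource)`, reading the secret from an environment variable or a secret store rather than typing it on the command line.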
Solution 2:[2]
Change the grant_type to 'password', add username and password to the request.
```cmd
curl -X POST https://login.microsoftonline.com/12345/oauth2/token ^
  -F grant_type=password ^
  -F resource=https://management.core.windows.net/ ^
  -F client_id=12345-abcde ^
  -F client_secret=12345abcde ^
  -F username=[email protected] ^
  -F password=******
```
You will be able to get the refresh_token.
```json
{
  "token_type": "Bearer",
  "scope": "User.ReadWrite.All",
  "expires_in": "3600",
  "ext_expires_in": "3600",
  "expires_on": "1554711949",
  "not_before": "1554708049",
  "resource": "https://management.core.windows.net/",
  "access_token": "******",
  "refresh_token": "******"
}
```
You can use the refresh_token to refresh the access token.
Solution 3:[3]
Given an existing refresh token, this request gets a new access token and a new refresh token, which one can use to iteratively fetch new ones before the expiration period, e.g. with a timer-based process.
```bash
curl 'https://login.microsoftonline.com/common/oauth2/v2.0/token' \
  -H "Origin: https://localhost" \
  -H 'content-type: application/x-www-form-urlencoded;charset=utf-8' \
  --data-raw "client_id=${CLIENT_ID}&refresh_token=${REFRESH_TOKEN}&grant_type=refresh_token&scope=openid%20profile%20User.Read%20offline_access"
```
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | juunas |
Solution 2 | Tony Ju |
Solution 3 | Devis L. |