Get refresh token with Azure AD V2.0 (MSAL) and Asp .Net Core 2.0

说谎 2020-12-17 22:14

I've got access_token from Azure AD V2.0 endpoint to call Graph API. But I have to do some actions in the API on behalf of user. So I need refresh_token to renew my access_

3 answers
  •  感动是毒
    2020-12-17 23:02

    I got a bit topsy-turvy on this, as well. Explaining a bit more based on my understanding.

    • For context, OAuth 2.0 code grant flow mentions the following steps:
      • authorization, which returns auth_code
      • using auth_code, to fetch access_token (usually valid for 1 hr) and refresh_token
      • access_token is used to gain access to relevant resources
      • after access_token expires, refresh_token is used to get new access_token
    • MSAL.NET abstracts this concept of refresh_token via TokenCache.
      • There is an option to serialize TokenCache. See Token cache serialization in MSAL.NET. This is how to preserve sign-in info b/w desktop application sessions, and avoid those sign-in windows.
      • AcquireTokenSilentAsync is the process by which refresh_token is used to get new access_token, but, this is internally done. See AcquireTokenSilentAsync using a cached token for more details and other access patterns.

    Hope this clarifies on why TokenCache is the 'new' refresh_token in MSAL.NET, and TokenCache is what you would need to serialize and save. There are libraries like Microsoft.Identity.Client.Extensions.Msal that aid in this.
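
The pattern described in the answer above, as an added example that is not part of the original post or of Microsoft's own samples: the serialized TokenCache contains the refresh token, so it is encrypted with DPAPI before it is written to disk, and the silent call redeems that refresh token without the app ever handling it. Assumptions: the MSAL.NET 4.x builder API (`AcquireTokenSilent(...).ExecuteAsync()`, the later form of the `AcquireTokenSilentAsync` call the answer names), a Windows desktop client, a placeholder client ID, the `User.Read` scope, and a hypothetical cache file name.

```csharp
// Added example. On .NET Core, ProtectedData needs the System.Security.Cryptography.ProtectedData package.
using System;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

static class TokenCacheDemo
{
    // Hypothetical path. The file holds refresh tokens, so it is DPAPI-encrypted
    // for the current Windows user before it is written.
    static readonly string CachePath = Path.Combine(
        Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), "demo.msalcache.bin");
    static readonly object FileLock = new object();

    static void BeforeAccess(TokenCacheNotificationArgs args)
    {
        lock (FileLock)
            args.TokenCache.DeserializeMsalV3(File.Exists(CachePath)
                ? ProtectedData.Unprotect(File.ReadAllBytes(CachePath), null,
                      DataProtectionScope.CurrentUser)
                : null);
    }

    static void AfterAccess(TokenCacheNotificationArgs args)
    {
        if (!args.HasStateChanged) return; // nothing new to persist
        lock (FileLock)
            File.WriteAllBytes(CachePath, ProtectedData.Protect(
                args.TokenCache.SerializeMsalV3(), null, DataProtectionScope.CurrentUser));
    }

    public static async Task<string> GetAccessTokenAsync()
    {
        string[] scopes = { "User.Read" };
        var app = PublicClientApplicationBuilder
            .Create("00000000-0000-0000-0000-000000000000") // placeholder client id
            .WithRedirectUri("http://localhost").Build();
        app.UserTokenCache.SetBeforeAccess(BeforeAccess);
        app.UserTokenCache.SetAfterAccess(AfterAccess);
        var account = (await app.GetAccountsAsync()).FirstOrDefault();
        try
        {   // Cached access token, or a silent redemption of the cached refresh token.
            return (await app.AcquireTokenSilent(scopes, account).ExecuteAsync()).AccessToken;
        }
        catch (MsalUiRequiredException)
        {   // No usable refresh token (first run, revoked, expired): sign in again.
            return (await app.AcquireTokenInteractive(scopes).ExecuteAsync()).AccessToken;
        }
    }
}
```

`DataProtectionScope.CurrentUser` ties the cache file to one Windows account on one machine; a server-side ASP.NET Core app would instead need a per-user cache in a protected store.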
