
I am creating the access token using the command below:

Get-ADALAccessToken -AuthorityName exterrobiz.onmicrosoft.com -ClientId a0c73c16-a7e3-4564-9a95-2bdf47383716 -ResourceId https://ps.compliance.protection.outlook.com/PowerShell-LiveId -RedirectUri "urn:ietf:wg:oauth:2.0:oob" -ForcePromptSignIn

It provides the access token. Using this token I am able to perform the security and compliance operations.

The received token is valid for 1 hour and I want to renew the access token automatically without user intervention. I have the refresh token and ID token received in the above result (I am able to read them from the cache). How can I get a new access token with the available refresh token?

I am using the application client ID (a0c73c16-a7e3-4564-9a95-2bdf47383716) provided by Microsoft and there is no secret key to hit the endpoint to refresh the access token.

I am unable to find a solution to achieve this.

Frank H
Samraj

1 Answer

The refresh flow is described in the Microsoft Docs here:

For the V1 endpoint: https://learn.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code#refreshing-the-access-tokens

For the V2 endpoint: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow

And this link explains the difference between the two: https://learn.microsoft.com/en-us/azure/active-directory/develop/azure-ad-endpoint-comparison

It looks like the library you're using for your PowerShell cmdlet is from here: https://www.powershellgallery.com/packages/Microsoft.ADAL.PowerShell/1.12

This is, first, an outdated library (ADAL), and it doesn't look like it's even an official PowerShell library.

Currently there are no official docs on using the ADAL/MSAL libraries to make calls within a PowerShell environment to get access tokens/ID tokens/refresh tokens.

If you're interested in this, I suggest filing it as feedback on the Azure AD feedback UserVoice; if there's enough community support, the Microsoft product team will look into implementing it: https://feedback.azure.com/forums/169401-azure-active-directory

For a current fix, I suggest taking a look at Shawntabrizi's MSAL/ADAL Git repos. The MSAL repo can be found here:

MSAL: https://github.com/shawntabrizi/Microsoft-Authentication-with-PowerShell-and-MSAL

ADAL: https://github.com/shawntabrizi/Azure-AD-Authentication-with-PowerShell-and-ADAL

If you're looking for a PowerShell cmdlet in particular to refresh your access token, it will be the AcquireTokenSilentAsync call from the MSAL library. This is described further here:

MSAL wiki: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/AcquireTokenSilentAsync-using-a-cached-token

ADAL wiki: https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/wiki/AcquireTokenSilentAsync-using-a-cached-token

Frank H
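The refresh flow the answer links to (V1 endpoint, "Refreshing the access tokens") can be driven directly from PowerShell without the ADAL module, which is what the question is after: a public client sends `grant_type=refresh_token` with its `client_id`, the `refresh_token` and the `resource`, and no `client_secret`. The following is an added example, not code from the question, the answer or the Microsoft.ADAL.PowerShell module. The tenant, client ID and resource are the values from the question; the function names, the `$accessToken` variable (assumed to hold the token from `Get-ADALAccessToken`) and the cache file location are assumptions.

```powershell
# Added example: refresh an Azure AD v1-endpoint access token for a public client
# (no client secret) with the refresh_token grant, and rotate the refresh token.
# Tenant, client id and resource come from the question; everything else is assumed.

function Get-JwtExpiry {
    # Returns the 'exp' claim of a JWT as a UTC DateTime so the caller can refresh
    # only when the access token is about to expire (ADAL does the same check).
    param([Parameter(Mandatory)][string]$Token)
    $payload = $Token.Split('.')[1].Replace('-', '+').Replace('_', '/')   # base64url -> base64
    switch ($payload.Length % 4) { 2 { $payload += '==' } 3 { $payload += '=' } }
    $claims = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($payload)) | ConvertFrom-Json
    [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp).UtcDateTime
}

function Update-AccessToken {
    # POSTs grant_type=refresh_token to the v1 token endpoint. No client_secret is
    # sent: the client id in the question is a public (native) client, and the v1
    # refresh request only requires client_secret for confidential clients.
    param(
        [Parameter(Mandatory)][string]$RefreshToken,
        [string]$Tenant   = 'exterrobiz.onmicrosoft.com',
        [string]$ClientId = 'a0c73c16-a7e3-4564-9a95-2bdf47383716',
        [string]$Resource = 'https://ps.compliance.protection.outlook.com/PowerShell-LiveId'
    )
    $body = @{
        grant_type    = 'refresh_token'
        client_id     = $ClientId
        refresh_token = $RefreshToken
        resource      = $Resource
    }
    try {
        $resp = Invoke-RestMethod -Method Post `
            -Uri "https://login.microsoftonline.com/$Tenant/oauth2/token" `
            -ContentType 'application/x-www-form-urlencoded' -Body $body
    } catch {
        # Azure AD returns the AADSTS error as JSON in the response body, e.g.
        # invalid_grant when the refresh token has expired or been revoked; at that
        # point only a new interactive sign-in (-ForcePromptSignIn) will help.
        throw "Token refresh failed: $($_.ErrorDetails.Message)"
    }
    # The v1 response carries a new refresh token; the caller must persist it and
    # stop using the old one.
    [pscustomobject]@{
        AccessToken  = $resp.access_token
        RefreshToken = $resp.refresh_token
        ExpiresOn    = [DateTimeOffset]::FromUnixTimeSeconds([long]$resp.expires_on).UtcDateTime
    }
}

# Usage (assumed cache layout; Windows only, because Export-Clixml protects the
# SecureString with DPAPI for the current user). $accessToken is assumed to hold
# the token returned by Get-ADALAccessToken, and $cachePath a PSCredential whose
# password is the refresh token saved after the first interactive sign-in.
$cachePath = Join-Path $env:LOCALAPPDATA 'scc-refresh-token.xml'
$cred = Import-Clixml $cachePath
if ((Get-JwtExpiry $accessToken) -lt [DateTime]::UtcNow.AddMinutes(5)) {
    $new = Update-AccessToken -RefreshToken $cred.GetNetworkCredential().Password
    $accessToken = $new.AccessToken
    # Rotate: the refresh token in the response replaces the one just used.
    [pscredential]::new('scc', (ConvertTo-SecureString $new.RefreshToken -AsPlainText -Force)) |
        Export-Clixml $cachePath
}
```

Two points worth keeping in mind. The refresh token is a long-lived bearer credential for the signed-in user, so it deserves at least the DPAPI protection shown rather than a plain-text file, and the new refresh token returned by each refresh should overwrite the old one. And this is exactly what the answer's `AcquireTokenSilentAsync` does behind a cache, so if the ADAL or MSAL assemblies are available, calling that is the less error-prone route.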