1

I am using msgraph-training-reactspa sdk from Microsoft which uses MSAL for authentication. It does not return any refresh token. It has acquireTokenSilent method which gets new access token.

As per our requirement I want to get user access token along with refresh token so that I can later get new access token with refresh token and use microsoft graph api in CRON to update data.

How can we login user to microsoft via react app and get the refresh token so that I can save it in my DB?

Can I get any sample reference?

Navdeep Singh
  • 13
  • 3

1 Answers1

0

To get the refresh token (which is probably useless in your scenario anyway), you need to ask for the offline_access scope in your app manifest (or in the auth request), user has to agree to that, and then the refresh token is included by the azure ad.

But what you really want is probably sol-called "app-permissions" to be able to do stuff without the user present at all using CRON or whatever (and not a refresh token). I.e. for delegated permissions, you need a user under whose account the thing will be executed anyway (and even the refresh token will expire, and then you'll have to ask for login). The sample you are referring to is using delegated permissions. Check out the difference here: Azure AD App Application Permissions vs Delegated Permissions

Nikolay
  • 10,752
  • 2
  • 23
  • 51