After successfully authenticating, I want to refresh my authorization token, so I issue the following request:

curl -X POST \
  https://login.microsoftonline.com/<my-tenant>/oauth2/v2.0/token \
  -H 'Cache-Control: no-cache' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -F grant_type=refresh_token \
  -F refresh_token=<my-refresh-token> \
  -F client_id=<my-client-id> \
  -F client_secret=<my-client-secret>

However, instead of returning with a new token, I get the following response:

{
  "error": "server_error",
  "error_description": "AADSTS50000: There was an error issuing a token.\r\nTrace ID: bb72ee21-7df2-4949-8375-e6d97b621300\r\nCorrelation ID: 719ea759-622b-4d63-be17-56fd6c255195\r\nTimestamp: 2018-06-15 09:07:13Z",
  "error_codes": [ 50000 ],
  "timestamp": "2018-06-15 09:07:13Z",
  "trace_id": "bb72ee21-7df2-4949-8375-e6d97b621300",
  "correlation_id": "719ea759-622b-4d63-be17-56fd6c255195"
}

The tenant, client id and client secret are all the same as those used when obtaining the refresh token. Yet, something is apparently missing or incorrect - but what?

1 Answer

You are missing the mandatory scope parameter as described here.

You also need to provide a redirect_uri, although you just make a POST request.

And the redirect_uri must match the redirect_uri used in the original authorization call.

When refreshing an access token you have to provide a scope for which you would like to get the token. Also make sure that you understand you can only refresh the access_token, not the id_token. And an access_token always has a purpose (scope).

Everything is described in the documentation.

2 Comments

Thanks! In addition to requiring that the redirect_uri matches the one the original token used, it also turned out to require matching the scopes exactly. With that in place, it worked :)
Yeah, also described - the same or a subset of original scopes. I am glad that it works now ;)
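
A pre-flight check plus the corrected refresh request, as an added example that is not part of the original question or answer. The variable names (TENANT, ORIG_SCOPE, ORIG_REDIRECT_URI and so on) and the helper functions are hypothetical, and the example sends the fields with --data-urlencode so the body is form-urlencoded rather than multipart.

```shell
# Added example: validate refresh parameters against the original grant
# before calling the token endpoint. All names below are assumptions.

# scope_is_subset REQUESTED ORIGINAL
# Succeeds only if every space-separated scope in REQUESTED is in ORIGINAL.
scope_is_subset() {
  [ -n "$1" ] || return 1
  for s in $1; do
    case " $2 " in
      *" $s "*) ;;          # exact, whole-word match only
      *) return 1 ;;
    esac
  done
}

# preflight ORIG_SCOPE ORIG_REDIRECT SCOPE REDIRECT
# Prints the first problem found and returns non-zero; prints "ok" otherwise.
preflight() {
  [ -n "$3" ] || { echo "missing scope"; return 1; }
  [ -n "$4" ] || { echo "missing redirect_uri"; return 1; }
  [ "$4" = "$2" ] || { echo "redirect_uri mismatch"; return 1; }
  scope_is_subset "$3" "$1" || { echo "scope not in original grant"; return 1; }
  echo "ok"
}

# refresh_access_token: reads TENANT, CLIENT_ID, CLIENT_SECRET, REFRESH_TOKEN,
# SCOPE, REDIRECT_URI, ORIG_SCOPE and ORIG_REDIRECT_URI from the environment
# and only contacts the endpoint when the pre-flight check passes.
refresh_access_token() {
  preflight "$ORIG_SCOPE" "$ORIG_REDIRECT_URI" "$SCOPE" "$REDIRECT_URI" >&2 || return 1
  curl -sS "https://login.microsoftonline.com/${TENANT}/oauth2/v2.0/token" \
    --data-urlencode "grant_type=refresh_token" \
    --data-urlencode "refresh_token=${REFRESH_TOKEN}" \
    --data-urlencode "client_id=${CLIENT_ID}" \
    --data-urlencode "client_secret=${CLIENT_SECRET}" \
    --data-urlencode "scope=${SCOPE}" \
    --data-urlencode "redirect_uri=${REDIRECT_URI}"
}
```

Passing the secret and refresh token through environment variables keeps them out of shell history; they are still visible in the curl process arguments while the request runs.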
