更新时间:2023-11-05 17:56:10
在Global.cs中: 然后, In this documentation it gives a complete flow for a web application that calls a web API:
公共静态字符串OfflineAccessScope = ApiIdentifier + ConfigurationManager.AppSettings ["api:OfflineAccessScope"];public static string [] Scopes = new string [] {ReadTasksScope,WriteTasksScope,OfflineAccessScope};
AcquireTokenByAuthorizationCode
中的 Globals.Scopes
将返回刷新令牌.
Looking at 6. and using the code in the Azure-Samples repository active-directory-b2c-dotnet-webapp-and-webapi , I cannot get the line
AuthenticationResult result = await confidentialClient.AcquireTokenByAuthorizationCode(Globals.Scopes, notification.Code).ExecuteAsync();
to return a refresh_token. It returns an IdToken and AccessToken but no RefreshToken.
By using my browser and Postman and following the steps in this document with the same B2C tenant and application I do get the refresh token as expected.
This question is similar to mine and the blog post mentioned in one of the answers provides a work around to the symptom of not having a refresh token but my question remains:
How can I get AcquireTokenByAuthorizationCode
to return a refresh_token?
The offline_access scope is optional for web apps. It indicates that your app needs a refresh token for long-lived access to resources.
Go to web.config add below:
<add key ="api:OfflineAccessScope" value="offline_access "/>
And in Global.cs :
public static string OfflineAccessScope = ApiIdentifier + ConfigurationManager.AppSettings["api:OfflineAccessScope"];
public static string[] Scopes = new string[] { ReadTasksScope, WriteTasksScope, OfflineAccessScope};
Then the Globals.Scopes
in AcquireTokenByAuthorizationCode
will return refresh token.