Refresh token not present in response of Authorization API for multi tenant app
According to step 3, "Get a token", in https://docs.microsoft.com/en-us/graph/auth-v2-user, the API should return:
{
"token_type": "Bearer",
"scope": "user.read%20Fmail.read",
"expires_in": 3600,
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1Q...",
"refresh_token": "AwABAAAAvPM1KaPlrEqdFSBzjqfTGAMxZGUTdM0t4B4..."
}
But it is returning this [refresh token missing]:
{
"token_type": "Bearer",
"scope": "user.read Fmail.read",
"expires_in": 3599,
"ext_expires_in": 3599,
"access_token": "eyJ0eXAiOiJKV1QiLCJub25jZ9...."
}
Can you help me see what I am missing?
You must add offline_access to the scope to get a refresh token:
With the Microsoft identity platform endpoint, permissions are
requested using the scope parameter. In this example, the Microsoft
Graph permissions requested are for User.Read and Mail.Read, which
will allow the app to read the profile and mail of the signed-in user.
The offline_access permission is requested so that the app can get a
refresh token, which it can use to get a new access token when the
current one expires.
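
Added example (not part of the original question or answer): a Python sketch that builds the authorization request for the multi-tenant `common` endpoint with offline_access always in the scope, and explains a token response that lacks a refresh token. The client ID, redirect URI, state and token values are constructed placeholders, and the helper names are hypothetical.

```python
from urllib.parse import urlencode, quote

# Multi-tenant authorize endpoint of the Microsoft identity platform (v2.0).
AUTHORIZE_URL = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"

def with_offline_access(scopes):
    """De-duplicate scopes (compared case-insensitively) and append offline_access."""
    seen, out = set(), []
    for scope in list(scopes) + ["offline_access"]:
        if scope.lower() not in seen:
            seen.add(scope.lower())
            out.append(scope)
    return out

def build_authorize_url(client_id, redirect_uri, scopes, state):
    """Authorization-code request whose scope always carries offline_access."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": " ".join(with_offline_access(scopes)),
        "state": state,  # per-request random value in real use
    }
    return AUTHORIZE_URL + "?" + urlencode(params, quote_via=quote)

def diagnose(token_response, requested_scopes):
    """Explain a missing refresh_token; returns [] when one is present."""
    if token_response.get("refresh_token"):
        return []
    if "offline_access" not in {s.lower() for s in requested_scopes}:
        return ["no refresh_token: offline_access was not in the requested scope"]
    return ["no refresh_token even though offline_access was requested"]

# Constructed sample shaped like the response in the question (token is a placeholder).
SAMPLE = {"token_type": "Bearer", "scope": "user.read mail.read",
          "expires_in": 3599, "ext_expires_in": 3599, "access_token": "PLACEHOLDER"}

if __name__ == "__main__":
    print(build_authorize_url("00000000-0000-0000-0000-000000000000",
                              "http://localhost/myapp/", ["User.Read", "Mail.Read"], "12345"))
    print(diagnose(SAMPLE, ["User.Read", "Mail.Read"]))
```

A refresh token is a long-lived credential, so keep it out of logs and store it with the same care as a password.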