I'm trying to move an existing angular 9 app from using an implicit flow with azure B2C to using the new auth code grant flow with PKCE. I'm using the @azure/msal-angular package and almost have it working. Just waiting on our identity management team to enable some settings.
But I'm wondering if this package automatically refreshes the bear token with the refresh token that we get in the token response? Or do I have to do some manual magic to get the refresh to happen? I'm not finding anything in this package's documentation pertaining to refresh tokens, wondering if anybody out there is using this and knows what the default behavior is with this package as it pertains to the use of the refresh token.
Yes, it automatically handles the token refresh.
From the Microsoft Documentation:
Acquiring tokens silently (from the cache)
MSAL maintains a token cache (or two caches for confidential client applications) and caches a token after it's been acquired. In many cases, attempting to silently get a token will acquire another token with more scopes based on a token in the cache. It's also capable of refreshing a token when it's getting close to expiration (as the token cache also contains a refresh token).