Tags: azure, oauth-2.0, azure-api-management, azure-oauth

Azure APIM OAuth workflow - refresh token is missing


I enabled OAuth in Azure API Management. Then, using the Client ID, Client Secret, Scope, Access Token URL and Grant Type, I was able to get the access token. How can I get the refresh token from the API?



Solution

  • To get a refresh token from the API, you need to add the offline_access permission to the scope.

    Please note that the Client Credentials flow works with permissions of the Application type only, so you won't get a refresh token using this flow, as the offline_access permission is of the Delegated type.

    Instead, you can make use of the Authorization Code flow as the Grant Type.

    I tried to reproduce the same in my environment via Postman and got the results below.

    In my Azure AD application, I added the API permissions (screenshot not included).

    To get a refresh token, change the grant type to Authorization Code and include offline_access in the scope (screenshot not included).

    When you select Get New Access Token, a new window opens where you have to log in with your credentials.

    After successful authentication, you get both an access token and a refresh token.

    You don't have to make two separate calls, one to get the access token and another to get the refresh token.

    Instead, you can directly add offline_access to the scope along with the custom API scope.
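The exchange the answer describes, as an added example that is not part of the original question or answer: build the Azure AD v2.0 authorization-code request with offline_access in the scope, pull the code off the redirect (checking state), assemble the token-endpoint body for both the code exchange and a later refresh, and refuse a token response that lacks the refresh token the scope asked for. The tenant, client id, secret, redirect URI, API scope and the token response are placeholders and constructed data, not values from the post; `refresh_token_expected` encodes the answer's rule that only a delegated grant with offline_access yields a refresh token.

```python
import json
import urllib.request
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholders (assumptions, not values from the post): substitute your own
# tenant, app registration and APIM-backed API scope.
AUTHORITY = "https://login.microsoftonline.com"
TENANT = "contoso.onmicrosoft.com"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
CLIENT_SECRET = "replace-with-client-secret"
REDIRECT_URI = "https://oauth.pstmn.io/v1/callback"
API_SCOPE = "api://00000000-0000-0000-0000-000000000000/Files.Read"


def refresh_token_expected(grant_type, scopes):
    """The answer's rule: a refresh token is only issued for a delegated flow
    (authorization_code) whose scope includes offline_access. The
    client_credentials flow never gets one, whatever scope it requests."""
    return grant_type == "authorization_code" and "offline_access" in scopes


def authorize_url(tenant, client_id, redirect_uri, scopes, state):
    """Step 1: the /authorize URL the browser is sent to for user sign-in."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": " ".join(scopes),
        "state": state,
    }
    return f"{AUTHORITY}/{tenant}/oauth2/v2.0/authorize?{urlencode(params)}"


def code_from_redirect(redirect_url, expected_state):
    """Step 2: extract the authorization code from the redirect back to the app,
    rejecting a state mismatch (CSRF / replayed redirect) or an error reply."""
    qs = parse_qs(urlparse(redirect_url).query)
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: redirect was not started by this client")
    if "error" in qs:
        raise ValueError(f"authorization failed: {qs['error'][0]}")
    return qs["code"][0]


def token_request(tenant, client_id, client_secret, scopes, *, code=None,
                  redirect_uri=None, refresh_token=None):
    """Step 3 (code exchange) or step 4 (refresh): endpoint URL and form body.
    The scope is sent on the refresh too, so the new pair is limited to it."""
    body = {"client_id": client_id, "client_secret": client_secret,
            "scope": " ".join(scopes)}
    if refresh_token is not None:
        body.update(grant_type="refresh_token", refresh_token=refresh_token)
    else:
        body.update(grant_type="authorization_code", code=code,
                    redirect_uri=redirect_uri)
    return f"{AUTHORITY}/{tenant}/oauth2/v2.0/token", body


def post_form(url, body, opener=urllib.request.urlopen):
    """POST an x-www-form-urlencoded body; `opener` is injectable so the
    exchange can be exercised without a live tenant."""
    req = urllib.request.Request(
        url, data=urlencode(body).encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with opener(req) as resp:
        return resp.read().decode()


def parse_token_response(raw, scopes_requested):
    """Return the tokens, failing loudly if the refresh token that the scope
    asked for is missing rather than silently running on access_token only."""
    tok = json.loads(raw)
    if "error" in tok:
        raise ValueError(f"{tok['error']}: {tok.get('error_description', '')}")
    out = {"access_token": tok["access_token"],
           "refresh_token": tok.get("refresh_token"),
           "expires_in": tok.get("expires_in")}
    if "offline_access" in scopes_requested and out["refresh_token"] is None:
        raise ValueError("offline_access requested but no refresh_token returned; "
                         "check the grant type and the app's API permissions")
    return out


# Constructed sample of a v2.0 token response (not captured from a real tenant).
SAMPLE_TOKEN_RESPONSE = json.dumps({
    "token_type": "Bearer", "scope": API_SCOPE, "expires_in": 3599,
    "access_token": "constructed-access-token",
    "refresh_token": "constructed-refresh-token",
})


if __name__ == "__main__":
    scopes, state = [API_SCOPE, "offline_access"], "demo-state"
    print("1. send the user to:", authorize_url(TENANT, CLIENT_ID, REDIRECT_URI, scopes, state))
    # 2. after sign-in the browser lands on REDIRECT_URI?code=...&state=... (constructed here)
    code = code_from_redirect(f"{REDIRECT_URI}?code=constructed-code&state={state}", state)
    url, body = token_request(TENANT, CLIENT_ID, CLIENT_SECRET, scopes,
                              code=code, redirect_uri=REDIRECT_URI)
    # A live run would do: tokens = parse_token_response(post_form(url, body), scopes)
    tokens = parse_token_response(SAMPLE_TOKEN_RESPONSE, scopes)
    print("3. POST", url, "->", "refresh_token present:", tokens["refresh_token"] is not None)
```

The `state` check and the explicit failure in `parse_token_response` are the two places a Postman walk-through hides: a redirect with the wrong state must not be exchanged, and a response with only an access token means the grant type or the app's permissions are wrong, which is exactly the symptom in the question.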