0

I am requesting an access token with a refresh token and I would like to try to handle an expired token.

I am not in a position to revoke the refresh tokens for my test accounts to try to figure it out.

I have tried giving an invalid refresh token but it gives the error:

{"error":"invalid_grant","error_description":"AADSTS9002313: Invalid request. Request is malformed or invalid.\r\nTrace ID: ecf9fec9-b75c-4b4c-9c74-70273e6d1b00\r\nCorrelation ID: 44946f49-bb25-450d-86d3-121d3f279f21\r\nTimestamp: 2019-07-24 16:15:20Z","error_codes":[9002313],"timestamp":"2019-07-24 16:15:20Z","trace_id":"ecf9fec9-b75c-4b4c-9c74-70273e6d1b00","correlation_id":"44946f49-bb25-450d-86d3-121d3f279f21"}

Obviously it is detecting it as not a valid refresh token, as opposed to an expired token.

3 Answers

1

We have recently updated our documentation to help with getting access tokens.

To ensure you have the latest, check out these steps: https://learn.microsoft.com/en-us/graph/sdks/sdk-installation#install-the-microsoft-graph-java-sdk

To initiate the client https://learn.microsoft.com/en-us/graph/sdks/create-client?tabs=Java

Like this

ClientCredentialProvider authProvider = new ClientCredentialProvider(CLIENT_ID, SCOPES, CLIENT_SECRET, TENANT_GUID, NATIONAL_CLOUD);

IGraphServiceClient graphClient = GraphServiceClient
                .builder()
                .authenticationProvider(authProvider)
                .buildClient();

And you'll want to decide which provider you need here https://learn.microsoft.com/en-us/graph/sdks/choose-authentication-providers?tabs=Java#authorization-code-provider

likely this one

AuthorizationCodeProvider authProvider = new AuthorizationCodeProvider(
        clientId,
        scopes,
        authorizationCode,
        redirectUri,
        clientSecret);

1 Comment

Hi Jeremy. I think you have misunderstood my question. I can request the tokens I need with graph no problem. I am wondering what error graph returns if I provide a revoked refresh token when I ask for an access token using said refresh token?
1

It is usually a best practice to work against classes of error. For example, the usual response to an expired refresh token would be to require user interaction and the user authenticates again. Our MSAL libraries would throw a user interaction required exception and then your app would call to acquire the token needed interactively.


0

Microsoft Identity has documentation on the refresh tokens here https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#refresh-the-access-token

and a list of error codes here https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#error-codes-for-token-endpoint-errors
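An added example, not part of any answer above and not Microsoft's code: a sketch of handling token-endpoint failures by error class, as the second answer suggests, using the `error` field from the response in the question. The function name, the action names and the error-to-action mapping are assumptions for illustration; check the mapping against the linked error-code list before relying on it.

```python
import json

# Hypothetical action names; decide on the OAuth 2.0 `error` class rather than
# on the numeric sub-code or the description text.
REAUTHENTICATE = "reauthenticate"  # discard stored refresh token, sign in interactively
RETRY_LATER = "retry_later"        # transient condition, retry with backoff
FIX_REQUEST = "fix_request"        # client bug or misconfiguration, do not retry

# Assumed mapping. RFC 6749 section 5.2 defines invalid_grant as covering a
# refresh token that is invalid, expired or revoked, so all three land here.
ACTION_BY_ERROR = {
    "invalid_grant": REAUTHENTICATE,
    "interaction_required": REAUTHENTICATE,
    "consent_required": REAUTHENTICATE,
    "temporarily_unavailable": RETRY_LATER,
}

# Trimmed copy of the error response shown in the question.
QUESTION_RESPONSE = (
    '{"error":"invalid_grant","error_codes":[9002313],'
    '"trace_id":"ecf9fec9-b75c-4b4c-9c74-70273e6d1b00",'
    '"correlation_id":"44946f49-bb25-450d-86d3-121d3f279f21"}'
)


def classify_token_error(body):
    """Map a token-endpoint error body to an action plus identifiers safe to log."""
    try:
        payload = json.loads(body)
    except (TypeError, ValueError):
        payload = None
    if not isinstance(payload, dict):
        # Assumption: a non-JSON body (proxy error page, truncated reply) is transient.
        return {"action": RETRY_LATER, "error": None, "error_codes": [],
                "trace_id": None, "correlation_id": None}
    error = payload.get("error")
    return {
        "action": ACTION_BY_ERROR.get(error, FIX_REQUEST),
        "error": error,
        # Keep the sub-codes and IDs for logs and support tickets only;
        # never log the refresh token that was sent.
        "error_codes": payload.get("error_codes", []),
        "trace_id": payload.get("trace_id"),
        "correlation_id": payload.get("correlation_id"),
    }


if __name__ == "__main__":
    print(classify_token_error(QUESTION_RESPONSE))
```

With this approach the malformed token from the question and a genuinely expired or revoked one lead to the same branch: drop the stored refresh token and send the user through interactive sign-in.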
