I have a Blazor Server App running, with Azure AD B2C authentication enabled.
Everything seems to work well, and I can access the JWT token of the user, which I can pass with my API requests to a backend...
However, after 1 hour the token expires (I can also check in my logic to see whether the token has expired or not). In that case, I obviously would love to get a new token using the refresh token...
But that's where the problem lies: the refresh_token in the HttpContext seems to be empty, while the id_token contains the actual JWT bearer token.
What could be the cause for this? (I have had both tokens empty, but never a case where only the refresh_token was not empty.)
Some code snippets that might help in pinpointing the issue:
Configuration of the authentication in the startup logic (using SaveTokens):
    // OpenID Connect sign-in against Azure AD B2C via Microsoft.Identity.Web
    builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
        .AddMicrosoftIdentityWebApp(
            options =>
            {
                builder.Configuration.Bind("AzureAdB2C", options);
                options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
                options.Scope.Add("https://xxx.onmicrosoft.com/api/action");
                options.UseTokenLifetime = true;
                options.SaveTokens = true; // store the received tokens in the auth cookie
                options.ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter;
            },
            options =>
            {
                options.Cookie.SameSite = SameSiteMode.None;
                options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
                options.Cookie.IsEssential = true;
            }
        );
Accessing the tokens from the HttpContext:
    // The following variable is empty
    var rToken = await _httpContextAccessor.HttpContext.GetTokenAsync("refresh_token");
    // The following variable contains the JWT token
    var iToken = await _httpContextAccessor.HttpContext.GetTokenAsync("id_token");
Any idea, someone?
CodePudding user response:
Change ResponseType to "code id_token token".
Add offline_access to your scopes.
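The answer's two changes applied to the question's startup code, as an added example rather than code from the question or the answer, with the original settings noted in comments and a small helper for inspecting what SaveTokens actually stored. The helper and its names (`TokenState`, `SavedTokens.ReadAsync`), the `expires_at` key and the implicit-usings assumption are assumptions, not from the page.

```csharp
// Assumes the Web SDK's implicit usings (System, System.Threading.Tasks, ...).
using System.Globalization;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Identity.Web;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(options =>
    {
        builder.Configuration.Bind("AzureAdB2C", options);
        // Was OpenIdConnectResponseType.CodeIdToken ("code id_token").
        options.ResponseType = OpenIdConnectResponseType.CodeIdTokenToken; // "code id_token token"
        options.Scope.Add("https://xxx.onmicrosoft.com/api/action"); // API scope from the question
        // Without offline_access B2C issues no refresh token, so SaveTokens has nothing
        // to store under "refresh_token" even though "id_token" is present.
        options.Scope.Add("offline_access");
        options.UseTokenLifetime = true;
        options.SaveTokens = true; // tokens are persisted in the authentication cookie
        options.ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter;
    },
    cookieOptions =>
    {
        cookieOptions.Cookie.SameSite = SameSiteMode.None;
        cookieOptions.Cookie.SecurePolicy = CookieSecurePolicy.Always;
        cookieOptions.Cookie.IsEssential = true;
    });

var app = builder.Build();
app.Run();

// Hypothetical helper (not from the question): reads the saved tokens and flags an
// expired access token; assumes SaveTokens stored "expires_at" (absent counts as expired).
public sealed record TokenState(string? AccessToken, string? RefreshToken, bool Expired);

public static class SavedTokens
{
    public static async Task<TokenState> ReadAsync(HttpContext ctx)
    {
        var access = await ctx.GetTokenAsync("access_token");
        var refresh = await ctx.GetTokenAsync("refresh_token");
        var expiresAt = await ctx.GetTokenAsync("expires_at");
        var expired = !DateTimeOffset.TryParse(expiresAt, CultureInfo.InvariantCulture,
            DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal, out var exp)
            || exp <= DateTimeOffset.UtcNow.AddMinutes(1); // treat as expired a minute early
        return new TokenState(access, refresh, expired);
    }
}
```

After signing in again with the new scope, `SavedTokens.ReadAsync` should return a non-null `RefreshToken`; if it is still null, check the B2C app registration and user flow before touching the client code.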