I have a Blazor Server App running, with Azure AD B2C Authentication enabled.
Everything seems to work well, and I can access the JWT Token of the user, that I can pass with my API requests to a backend...

However, after 1 hour, the token expires (I can also check in my logic to see if the token has expired or not). And in that case, I obviously would love to get a new token, using the refresh token...

But that's where the problem lies: the refresh_token token in the HttpContext seems to be empty, while the id_token contains the actual JWT bearer token.

What could be the cause for this? (I have had both tokens empty, but never that only the refresh_token was not empty).

Some code snippets that might help in pinpointing the issue:

Configuration of the authentication in the startup logic. (using SaveTokens)

builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(
        options =>
        {
            builder.Configuration.Bind("AzureAdB2C", options);
            options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
            options.Scope.Add("https://xxx.onmicrosoft.com/api/action");
            options.UseTokenLifetime = true;
            options.SaveTokens = true;
            options.ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter;
        }
        ,
        options =>
        {
            options.Cookie.SameSite = SameSiteMode.None;
            options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
            options.Cookie.IsEssential = true;
        }
    );

Access the tokens from the HttpContext

// Following variable is empty
var rToken = await _httpContextAccessor.HttpContext.GetTokenAsync("refresh_token");

// Following variable contain jwt token
var iToken = await _httpContextAccessor.HttpContext.GetTokenAsync("id_token");

Any idea, someone?

CodePudding user response：

Change ResponseType to "code id_token token"
Add offline_access to your scopes