Azure-Samples / active-directory-dotnet-windows-store

A Windows Store 8.1 or Windows 10 (UWP) application that uses Azure AD and the ADAL library to authenticate the user and call a web API using OAuth 2.0 access tokens.

Why is there an id_token in the response? #10

Closed mprabhu11 closed 8 years ago

mprabhu11 commented 10 years ago

Looking at the exchanges in Fiddler, I am seeing that an "id_token" is also included in the response when the app swaps the "code" received after the first call.

Because this is standard OAuth Auth-Code-Grant flow, why is there an "id_token"? (Shouldn't that be there only in the case of OpenId requests?)

I am dumping salient requests and responses below...have truncated most strings and also not included the WS-Fed login messages.

====================================================
GET https://login.windows.net/XYZ.onmicrosoft.com/oauth2/authorize?response_type=code&resource=https%3A%2F%2FXYZ.onmicrosoft.com%2FTodoListService&client_id=2fea...&redirect_uri=ms-app%3A%2F%2Fs-1-15-2-...%2F&client-request-id=fa5...&x-clie... HTTP/1.1
---------------------------------------------------
HTTP/1.1 302 Found
Location: ms-app://s-1-15-2.../?code=AwAB...&session_state=39c...

====================================================
POST https://login.windows.net/acemodaad.onmicrosoft.com/oauth2/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
client-request-id: fa5...

grant_type=authorization_code&code=AwABA...&client_id=2fe...&redirect_uri=ms-app%3A%2F%2Fs-1-15-...%2F&resource=https%3A%2F%2FXYZ.onmicrosoft.com%2FTodoListService
---------------------------------------------------
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
{"token_type":"Bearer","expires_in":"3599","expires_on":"1404553293","resource":"https://XYZ.onmicrosoft.com/TodoListService","access_token":"eyJ0eXAi...","refresh_token":"AwABA...","scope":"user_impersonation","id_token":"eyJ0eX..."}
dstrockis commented 8 years ago

It's so the library can use the info stored within to do caching. Sorry for the ridiculously late response
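To make the answer concrete, here is an added example (not code from this repository or from ADAL) of what a client can do with the id_token that accompanies the access token: decode its payload to read user and tenant identifiers and build a token-cache entry from them. The token response, the claims and all identifiers are constructed sample values shaped like the Fiddler capture above, and the cache-key layout (tenant id, object id, resource, client id) is an assumption for illustration, not ADAL's documented scheme. The example also shows the two checks worth keeping even for cache-only use: the token must have three segments, and its aud must be this client.

```python
import base64
import json

# Constructed sample values (not real tokens or identifiers); they mirror the
# shape of the /oauth2/token response quoted in the issue.
CLIENT_ID = "2fea0000-0000-0000-0000-000000000000"
RESOURCE = "https://XYZ.onmicrosoft.com/TodoListService"


def b64url_encode(data: bytes) -> str:
    """base64url without '=' padding, which is how JWT segments are encoded."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    """Restore the stripped padding, then decode one JWT segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_sample_id_token(claims: dict) -> str:
    """Build a JWT-shaped string for the demo only. The third segment is a
    placeholder, not a real signature, so this token proves nothing."""
    header = {"typ": "JWT", "alg": "RS256", "kid": "constructed-kid"}
    parts = [json.dumps(header, separators=(",", ":")).encode(),
             json.dumps(claims, separators=(",", ":")).encode(),
             b"placeholder-signature"]
    return ".".join(b64url_encode(p) for p in parts)


def peek_id_token_claims(id_token: str) -> dict:
    """Decode the payload segment WITHOUT verifying the signature.

    That is enough to read identifiers for a local token cache, because the
    token came straight from the token endpoint over TLS. It is not enough to
    authenticate anyone: claims read this way must not drive authorization."""
    segments = id_token.split(".")
    if len(segments) != 3:
        raise ValueError("id_token is not a three-segment JWT")
    return json.loads(b64url_decode(segments[1]))


def cache_entry_from_token_response(response: dict, client_id: str) -> dict:
    """Derive a cache entry from the token response.

    Assumption (illustrative, not ADAL's documented scheme): the key combines
    tenant id, object id, resource and client id so one user's tokens for one
    API never collide with another user's or another API's."""
    claims = peek_id_token_claims(response["id_token"])
    # An id_token is issued to the client application, so aud must be us.
    if claims.get("aud") != client_id:
        raise ValueError("id_token audience does not match this client")
    key = (claims["tid"], claims["oid"], response["resource"], client_id)
    return {
        "key": key,
        "user": claims.get("upn"),
        "access_token": response["access_token"],
        "refresh_token": response.get("refresh_token"),
        "expires_on": int(response["expires_on"]),
    }


# Constructed sample response, shaped like the one captured in Fiddler above.
SAMPLE_CLAIMS = {
    "aud": CLIENT_ID,
    "iss": "https://sts.windows.net/11111111-2222-3333-4444-555555555555/",
    "tid": "11111111-2222-3333-4444-555555555555",
    "oid": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "upn": "user@XYZ.onmicrosoft.com",
    "exp": 1404553293,
}
SAMPLE_RESPONSE = {
    "token_type": "Bearer",
    "expires_in": "3599",
    "expires_on": "1404553293",
    "resource": RESOURCE,
    "access_token": "eyJ0eXAi.constructed.access",
    "refresh_token": "AwABA-constructed",
    "scope": "user_impersonation",
    "id_token": make_sample_id_token(SAMPLE_CLAIMS),
}

if __name__ == "__main__":
    print(cache_entry_from_token_response(SAMPLE_RESPONSE, CLIENT_ID))
```

The point of the split between `peek_id_token_claims` and a full validation step is that the cache does not need a verified token, but anything that grants access does: if the same claims were ever reused to decide who the user is, the signature, issuer and expiry would have to be checked against the tenant's signing keys first.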