Closed darrenjrobinson closed 4 years ago
The MSAL.NET library handles the usage of the refresh token. Can you try the following?
Get-MsalToken -ClientId $global:myDevCred.UserName -DeviceCode -TenantId $global:myDevTenantId -RedirectUri "https://localhost"
Get-MsalToken -ClientId $global:myDevCred.UserName -Silent -TenantId $global:myDevTenantId -RedirectUri "https://localhost"
I might look at bypassing the device code logic if there is already a token in the cache.
Thx for the reply Jason. I've just tested and validated the end to end flows (on a fresh machine profile) and can confirm that the MSAL.NET DLL does get a new Access Token (I'm assuming from a stored Refresh Token in the client cache). This is fantastic.
Thx again for the great module.
Glad that worked! Yes, the RT is stored in the token cache.
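The cache-first pattern discussed in this thread (reuse the cached refresh token via -Silent, and only run the Device Code flow when the cache has nothing usable), written as an added example; it is not code from the thread or from the MSAL.PS module, and the scope value, function name and the $global: variables in the usage line are placeholders:

```powershell
# Added example: silent acquisition first, Device Code flow only when the MSAL cache cannot help.
# Assumes MSAL.PS is installed. $Scopes default is a placeholder; replace with the delegated scopes
# your registered application actually needs.
function Get-CachedOrDeviceCodeToken {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $ClientId,
        [Parameter(Mandatory)] [string]   $TenantId,
        [string[]] $Scopes      = @('https://graph.microsoft.com/.default'),  # placeholder
        [string]   $RedirectUri = 'https://localhost'
    )
    Import-Module MSAL.PS -ErrorAction Stop

    # Parameters shared by both acquisition modes (splatted below).
    $common = @{ ClientId = $ClientId; TenantId = $TenantId; Scopes = $Scopes; RedirectUri = $RedirectUri }

    $token = $null
    try {
        # -Silent never prompts: MSAL returns a cached access token, or redeems the cached
        # refresh token for a new one. It fails when no usable entry exists (first run,
        # revoked or expired refresh token, changed scopes).
        $token = Get-MsalToken @common -Silent -ErrorAction Stop
    }
    catch {
        Write-Verbose "Silent acquisition failed ($($_.Exception.GetType().Name)); falling back to Device Code."
    }

    if (-not $token) {
        # One interactive device-code sign-in; MSAL stores the resulting refresh token in its cache,
        # so later calls to this function normally take the silent path.
        $token = Get-MsalToken @common -DeviceCode -ErrorAction Stop
    }

    Write-Verbose "Access token valid until $($token.ExpiresOn) (scopes: $($token.Scopes -join ' '))."
    # Return the whole MSAL result object; never write AccessToken to logs or the console.
    return $token
}

# Usage (placeholders for the thread's variables):
# $result = Get-CachedOrDeviceCodeToken -ClientId $global:myDevCred.UserName -TenantId $global:myDevTenantId -Verbose
```

The cache MSAL.PS uses lives with the loaded Microsoft.Identity.Client instance, so a fresh PowerShell session will take the Device Code path once before subsequent calls go silent.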
Get-MsalToken -ClientId $global:myDevCred.UserName -DeviceCode -Interactive -TenantId $global:myDevTenantId -RedirectUri "https://localhost" returns an Access Token but no Refresh Token.
I suspect this is associated with functionality leveraged from Microsoft.Identity.Client.dll as I can't see anything specifically in MSAL.PS that would not provide the Refresh Token.
Writing a simple PowerShell function using the Device Code flow (without leveraging Microsoft.Identity.Client.dll) using the same Registered Application DOES return a Refresh Token.
Is there any way to force MSAL.PS to return a Refresh Token for the Device Code flow? Device Code flow is required as the permissions required for the app aren't available as App Permissions, just Delegated Permissions.