GFlisch / Arc4u

Apache License 2.0

RefreshTokenProvider doesn't handle access_token refresh properly except for the first time. Feature/refresh token provider #88

Closed vvdb-architecture closed 10 months ago

vvdb-architecture commented 10 months ago

When an access token is expired, it's up to StandardCookieEvents to handle the refresh.

Ultimately, this will end up calling ITokenRefreshProvider and therefore RefreshTokenProvider. The RefreshTokenProvider assumes that the return value will always contain a refresh_token. On ADFS 2019, this will never contain a refresh token, only an access_token.

So the next time the RefreshTokenProvider is called, it will fail because the refresh token will be null.

The easy solution is to check if a refresh token is present, and only replace the TokenRefreshInfo.TokenRefresh if so, while being smart about the expiration date.
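The fix described in the comment above, sketched as an added example; this is not code from the Arc4u repository or from the commenter. `TokenState`, `RefreshMerge.Apply` and `refreshLifetime` are hypothetical names, and leaving the refresh token's expiry unchanged when the token is retained is one assumed reading of "being smart about the expiration date".

```csharp
using System;
using System.Text.Json;

// Hypothetical stand-in for the cached token state; not Arc4u's TokenRefreshInfo.
public sealed record TokenState(
    string AccessToken, DateTimeOffset AccessExpiresOn,
    string RefreshToken, DateTimeOffset RefreshExpiresOn);

public static class RefreshMerge
{
    // Merges a token-endpoint JSON response into the cached state.
    // refreshLifetime is an assumed setting, used only when a new refresh token is issued.
    public static TokenState Apply(TokenState current, string responseJson,
                                   DateTimeOffset now, TimeSpan refreshLifetime)
    {
        if (current.RefreshExpiresOn <= now)
            throw new InvalidOperationException("Refresh token expired; re-authentication required.");

        using var doc = JsonDocument.Parse(responseJson);
        var root = doc.RootElement;
        var access = root.GetProperty("access_token").GetString();
        if (string.IsNullOrEmpty(access))
            throw new InvalidOperationException("Token response has no access_token.");
        var accessExpires = now.AddSeconds(root.GetProperty("expires_in").GetInt32());

        // refresh_token is optional in a refresh response (RFC 6749, section 6).
        var rotated = root.TryGetProperty("refresh_token", out var rt)
            && rt.ValueKind == JsonValueKind.String ? rt.GetString() : null;

        // No new refresh token: keep the old one AND its old expiry. A new access
        // token does not extend the lifetime of the refresh token that minted it.
        if (string.IsNullOrEmpty(rotated))
            return current with { AccessToken = access, AccessExpiresOn = accessExpires };

        return new TokenState(access, accessExpires, rotated, now + refreshLifetime);
    }
}

public static class Demo
{
    public static void Main()
    {
        var now = DateTimeOffset.UtcNow;
        var state = new TokenState("at-0", now, "rt-0", now.AddHours(8));
        // Constructed response in the shape the issue describes: access_token only.
        var next = RefreshMerge.Apply(state, "{\"access_token\":\"at-1\",\"expires_in\":3600}", now, TimeSpan.FromHours(8));
        Console.WriteLine($"{next.AccessToken} {next.RefreshToken} {next.RefreshExpiresOn == state.RefreshExpiresOn}");
    }
}
```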