When an access token is expired, it's up to StandardCookieEvents to handle the refresh.
Ultimately, this will end up calling ITokenRefreshProvider and therefore RefreshTokenProvider. The RefreshTokenProvider assumes that the return value will always contain a refresh_token. On ADFS 2019, this will never contain a refresh token, only an access_token.
So the next time the RefreshTokenProvider is called, it will fail because the refresh token will be null.
The easy solution is to check if a refresh token is present, and only replace the TokenRefreshInfo.TokenRefresh if so, while being smart about the expiration date.
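The fix proposed above, sketched as an added example that is not the project's own code. `StoredTokens` and `RefreshMerge` are hypothetical stand-ins for the library's types, and keeping the stored refresh token's original expiry is an assumed reading of "being smart about the expiration date".

```csharp
using System;
using System.Text.Json;

// Constructed sample: a refresh response without refresh_token, as described for ADFS 2019.
var now = DateTimeOffset.UtcNow;
var stored = new StoredTokens("old-access", now.AddMinutes(-1), "original-refresh", now.AddHours(8));
var merged = RefreshMerge.Apply(stored, "{\"access_token\":\"new-access\",\"expires_in\":3600}", now);
Console.WriteLine($"{merged.AccessToken} / {merged.RefreshToken} / {merged.RefreshTokenExpiresAt}");

// Hypothetical stand-in for the stored token state; not the library's TokenRefreshInfo.
public sealed record StoredTokens(
    string AccessToken, DateTimeOffset AccessTokenExpiresAt,
    string RefreshToken, DateTimeOffset? RefreshTokenExpiresAt);

public static class RefreshMerge
{
    public static StoredTokens Apply(StoredTokens current, string responseJson, DateTimeOffset now)
    {
        using var doc = JsonDocument.Parse(responseJson);
        var root = doc.RootElement;

        // A successful refresh response must carry an access token.
        var accessToken = root.GetProperty("access_token").GetString();
        if (string.IsNullOrEmpty(accessToken))
            throw new InvalidOperationException("Token response has no access_token.");

        // expires_in is the access token lifetime in seconds. The 5 minute fallback
        // is an assumption so that a missing value leads to an early refresh.
        var lifetime = root.TryGetProperty("expires_in", out var e) && e.ValueKind == JsonValueKind.Number
            ? TimeSpan.FromSeconds(e.GetInt32())
            : TimeSpan.FromMinutes(5);

        // refresh_token is optional in a refresh response; treat null or empty as absent.
        var rotated = root.TryGetProperty("refresh_token", out var r) && r.ValueKind == JsonValueKind.String
            ? r.GetString()
            : null;

        if (string.IsNullOrEmpty(rotated))
        {
            // No new refresh token: keep the stored one and its original expiry.
            // Only the access token and its expiry change.
            return current with { AccessToken = accessToken, AccessTokenExpiresAt = now + lifetime };
        }

        // Refresh token was rotated: replace it. Its lifetime is not in this response,
        // so the expiry is recorded as unknown (null) rather than guessed.
        return new StoredTokens(accessToken, now + lifetime, rotated, null);
    }
}
```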