Closed nik-humphries closed 6 months ago
I've been having a play around myself to see if I can find a refresh token anywhere. I will start with I'm not a Java dev. Putting a breakpoint on line 114 of the decompiled OpenIDAuthenticationBackend.class and observing the user and client objects show that there's no refreshToken at this stage.
I'm not entirely sure how all the class construction stuff happens in Java, but I also noticed that there is no reference to a refreshToken or the method getRefreshToken in classes auth.impl/OpenIDAuthenticationBackend or spec.expression/SpecExpressionContext and getRefreshToken is referenced in the first and the class it's referenced in is referenced in the second. No idea if that has anything to do with anything though.
Hi @nik-humphries , it's great you mentioned you are using Azure B2C, this allowed me to test it with our test B2C instance. As it turns out when using Azure B2C, you need to add the offline_access
scope in order to get a refresh token (see e.g. https://learn.microsoft.com/en-us/azure/active-directory-b2c/authorization-code-flow#2-get-an-access-token )
Can you try by adding this? E.g using:
proxy:
openid:
# ...
scopes: ['offline_access', '..']
I think this issue has been solved, so I'll close it, please open a new issue or re-open this issue if you are still experiencing an issue.
I see this has been mentioned here https://github.com/openanalytics/shinyproxy/issues/365 and also on the containerproxy repo https://github.com/openanalytics/containerproxy/issues/47 and here https://github.com/openanalytics/containerproxy/issues/65 (still open) and is in the documentation here https://shinyproxy.io/documentation/spel/#openid-connect
I am using Azure B2C for authentication and cannot seem to access the refreshtoken.
#{oidcUser.attributes.xxx}
works fine and so does#{oidcUser.idToken.tokenValue}
but#{oidcUser.refreshToken}
returns NULL.Is there anything obvious that I could be missing? Using the same policies elsewhere returns a refresh token (in browser msal auth).