How to configure Azure AD to enable refresh tokens

Submitted by 房东的猫 on 2019-12-05 04:57:31

Question


I have an Azure App Service / Web API linked to Azure AD and authentication is working; however, client tokens are expiring after 1 hour, so I want to enable the OAuth refresh_token. When I inspect the results of calling /.auth/me on my service I don't see a refresh_token. The token store is enabled on the App Service.

I have tried to add it to the oauth2Permissions in the Azure AD manifest as follows, but it doesn't appear (I have restarted the App Service and redeployed my service in case of token caching):

```json
"oauth2Permissions": [
    {
        "adminConsentDescription": "Allow the application to store a refresh token on behalf of the signed-in user.",
        "adminConsentDisplayName": "Refresh tokens",
        "id": "3AGH4D29-B64A-4A9A-8DBC-5DB3C8BBBD75",
        "isEnabled": true,
        "type": "User",
        "userConsentDescription": "Allow the application to store a refresh token on your behalf.",
        "userConsentDisplayName": "Store refresh token",
        "value": "refresh_token"
    }
]
```

I have based my attempts on the guidance given here: https://cgillum.tech/2016/03/07/app-service-token-store/


Answer 1:


I resolved this using the guidance here: https://cgillum.tech/2016/03/25/app-service-auth-aad-graph-api/

Basically you have to update the auth settings of your App Service. There isn't a UI for it, so I used the Azure Resource Explorer.

The key was setting the additionalLoginParams value to ["response_type=code id_token", "resource=https://graph.windows.net"].
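The answer changes two things at once: the login request becomes a hybrid flow (`response_type=code id_token`) so App Service can redeem an authorization code server-side, which is the step that produces a refresh token, and `resource=` names the API the refreshable access token is for. The manifest edit in the question cannot achieve this, because `oauth2Permissions` declares scopes your API exposes; it has no effect on what the authorize request asks for. The following Python is an added example, not code from the question, the answer, or the linked posts. It applies the `additionalLoginParams` fix to an `authsettings` document without clobbering unrelated parameters already there, and it reads a `/.auth/me` response to distinguish "no refresh token was ever stored" from "the access token has simply expired". It assumes `additionalLoginParams` is a list of `key=value` strings and that `/.auth/me` returns a JSON array of provider entries with `access_token`, `refresh_token` and an ISO 8601 `expires_on` (App Service Authentication's documented shapes); the sample documents inside are constructed for the example.

```python
"""
Added example (not the question's, the answer's, or the linked posts' code).

patch_authsettings(): apply the answer's additionalLoginParams to an
App Service authsettings document (the object Azure Resource Explorer shows at
.../providers/Microsoft.Web/sites/<site>/config/authsettings) without losing
unrelated parameters already present.

refresh_token_status(): inspect a /.auth/me response for the AAD entry and
report whether a refresh_token is actually in the token store and how long the
access token has left. Sample documents below are constructed, not captured.
"""
import copy
from datetime import datetime, timezone

# The two parameters from the answer. response_type=code id_token lets App
# Service redeem an authorization code server-side (the redemption is what
# yields the refresh token); resource= is the API the token is issued for.
REQUIRED_LOGIN_PARAMS = {
    "response_type": "code id_token",
    "resource": "https://graph.windows.net",
}

# Renew when fewer than this many seconds remain (example policy, not App Service's).
REFRESH_MARGIN_SECONDS = 300


def merge_login_params(existing, required=REQUIRED_LOGIN_PARAMS):
    """Return additionalLoginParams with `required` applied.

    Unrelated entries (e.g. prompt=login) are kept. Entries whose key collides
    with a required one are replaced, not duplicated: a second resource= or
    response_type= in the authorize request would be ambiguous.
    """
    merged = {}
    for item in existing or []:
        key, _, value = item.partition("=")
        merged[key] = value
    merged.update(required)
    return [f"{key}={value}" for key, value in merged.items()]


def patch_authsettings(authsettings):
    """Return a patched copy of the authsettings document (input is not mutated).

    tokenStoreEnabled is forced on as well: without the token store there is
    nowhere for a refresh token to be kept, so /.auth/me could never show one.
    """
    doc = copy.deepcopy(authsettings)
    props = doc.setdefault("properties", {})
    props["additionalLoginParams"] = merge_login_params(props.get("additionalLoginParams"))
    props["tokenStoreEnabled"] = True
    return doc


def _parse_expires_on(value):
    # App Service writes timestamps like "2016-03-25T20:53:16.2670000Z"; seven
    # fractional digits are not accepted by every fromisoformat(), so drop them.
    whole = value.rstrip("Z").split(".")[0]
    return datetime.strptime(whole, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def refresh_token_status(auth_me, provider="aad", now=None):
    """Summarise the `provider` entry of a /.auth/me response, or None if absent.

    action is one of:
      "re-login": no refresh token stored; only /.auth/login/<provider> helps
      "refresh":  token is about to expire; GET /.auth/refresh with the
                  session cookie renews it from the stored refresh token
      "ok":       nothing to do yet
    """
    now = now or datetime.now(timezone.utc)
    for entry in auth_me:
        if entry.get("provider_name") != provider:
            continue
        seconds_left = int((_parse_expires_on(entry["expires_on"]) - now).total_seconds())
        has_refresh = bool(entry.get("refresh_token"))
        if not has_refresh:
            action = "re-login"
        elif seconds_left < REFRESH_MARGIN_SECONDS:
            action = "refresh"
        else:
            action = "ok"
        return {"has_refresh_token": has_refresh, "seconds_left": seconds_left, "action": action}
    return None


# Constructed samples: authsettings before the fix, and /.auth/me before/after.
SAMPLE_AUTHSETTINGS = {
    "properties": {
        "enabled": True,
        "tokenStoreEnabled": False,
        "additionalLoginParams": ["prompt=login", "resource=https://contoso.example/api"],
    }
}
AUTH_ME_BEFORE = [{
    "provider_name": "aad",
    "user_id": "user@contoso.example",
    "access_token": "<access-token>",
    "expires_on": "2016-03-25T20:53:16.2670000Z",
}]
AUTH_ME_AFTER = [dict(AUTH_ME_BEFORE[0], refresh_token="<refresh-token>")]

if __name__ == "__main__":
    print(patch_authsettings(SAMPLE_AUTHSETTINGS)["properties"]["additionalLoginParams"])
    at = datetime(2016, 3, 25, 20, 0, 0, tzinfo=timezone.utc)
    print(refresh_token_status(AUTH_ME_BEFORE, now=at))
    print(refresh_token_status(AUTH_ME_AFTER, now=at))
```

Run it once against the document Resource Explorer shows before you PUT the change back, and again against `/.auth/me` after a fresh login: if `has_refresh_token` is still false after the fix, the user has not re-consented or the session predates the change, so force a new sign-in rather than redeploying the app.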



Source: https://stackoverflow.com/questions/36320641/how-to-configure-azure-ad-to-enable-refresh-tokens
