question

TimoVerbeek-4758 avatar image
0 Votes"
TimoVerbeek-4758 asked amanpreetsingh-msft answered

Oath 2.0 flow Refreshing access token incorrectly requires scope in documentation?

https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#refresh-the-access-token

According to the documentation, when refreshing a access token in the oath 2.0 flow the parameter scope is required.
Is this a mistake in the documentation or maybe future proofing?
I have tested this locally and when I don't supply any scope when refreshing the access token I still just get a new access token with the original scope.
For our application it is easier to not have to keep track of the scopes after the initial step so I want to make sure that this does not cause any issues.

azure-active-directory
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

amanpreetsingh-msft avatar image
0 Votes"
amanpreetsingh-msft answered

Hi @TimoVerbeek-4758 · Thank you for pointing this out.

You are right, scope is not a required parameter while redeeming a refresh token to get new access and refresh token pair. I have changed required to optional for the scope parameter under Refresh the access token section in the document and sent the change to the document author.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.