3.2.5.2.1.1.1 x-ms-RefreshTokenCredential HTTP header format

The x-ms-RefreshTokenCredential HTTP header is a signed JWT, as defined in section 2.2.1.1.

The JWT fields MUST be given the following values:

iat (OPTIONAL): See [OIDCCore] section 2.

refresh_token (REQUIRED): A primary refresh token that was previously received from the server. See section 3.1.5.1.2.

request_nonce (REQUIRED): A nonce previously obtained from the server by making the request described in section 3.1.5.1.1.

ua_client_id (OPTIONAL): A client_id of the user-agent using this header.

ua_redirect_uri (OPTIONAL): A redirect_uri of the user-agent using this header.

x_client_platform (OPTIONAL): The value is used to inform the AAD/server of the platform on which this header is created.<7>

win_ver (OPTIONAL): This claim has the operating system version information.<8>

windows_api_version (OPTIONAL): The version value is "2.0.1". This information is used to indicate to the server that the client has the ability to handle nonce challenges.

The JWT header fields MUST be given the following values:

alg (REQUIRED): The supported value is "HS256", which indicates the algorithm that is used for the signature. See [RFC7515] section 4.

ctx (REQUIRED): The base64-encoded bytes used for signature key derivation. Refer to section 3.1.5.2.1.3 for details.

kdf_ver (OPTIONAL): If ctx was created using KDFv2, the client MUST include the JWT header with this field value set to 2.
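The following is an added example, not part of the specification: a Python check that applies the REQUIRED/OPTIONAL rules above to a header value and verifies its HS256 signature. The function names and sample values are hypothetical, and the signing key is assumed to have been derived already as described in section 3.1.5.2.1.3, which this sketch does not implement.

```python
import base64, hashlib, hmac, json

REQUIRED_HEADER = ("alg", "ctx")
REQUIRED_CLAIMS = ("refresh_token", "request_nonce")

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_sample(header, claims, key):
    """Build a compact JWT; used only to construct sample input."""
    body = ".".join(b64url_encode(json.dumps(p).encode()) for p in (header, claims))
    mac = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return body + "." + b64url_encode(mac)

def check_credential(token, key):
    """Return the list of rule violations; an empty list means it conforms."""
    try:
        h64, c64, s64 = token.split(".")
        header, claims = json.loads(b64url_decode(h64)), json.loads(b64url_decode(c64))
        sig = b64url_decode(s64)
    except ValueError:  # wrong part count, bad base64, bad JSON
        return ["not a well-formed compact JWT"]
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return ["not a well-formed compact JWT"]
    problems = [f"missing header field {f}" for f in REQUIRED_HEADER if f not in header]
    problems += [f"missing claim {f}" for f in REQUIRED_CLAIMS if not claims.get(f)]
    ctx = header.get("ctx")
    if ctx is not None:
        try:
            base64.b64decode(ctx, validate=True)
        except (ValueError, TypeError):
            problems.append("ctx is not base64")
    if header.get("kdf_ver", 2) != 2:  # 2 is the only value this section defines
        problems.append("kdf_ver is not 2")
    if header.get("alg") != "HS256":
        problems.append("alg is not HS256")  # never verify under another alg
    elif not hmac.compare_digest(
            hmac.new(key, f"{h64}.{c64}".encode(), hashlib.sha256).digest(), sig):
        problems.append("signature does not verify")
    return problems

# Constructed sample values, not real tokens or keys.
KEY = b"constructed-session-key-derived-elsewhere"
HEADER = {"alg": "HS256", "ctx": base64.b64encode(bytes(range(24))).decode()}
CLAIMS = {"refresh_token": "constructed-prt", "request_nonce": "constructed-nonce"}
```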