
How to renew identity provider (Azure AD) access token?

refresh-tokens
azure-ad
access-token
renew

#1

With v2 endpoint GET /api/v2/users/{id} we can retrieve the user with the access/refresh token issued by Microsoft AAD. But the access_token expires after some time (~1 hour).

Is there any way I can renew that token through Auth0? I have the refresh token, but I cannot renew it through my app since it is a SPA and I will need the client id and client secret to renew the token.


#2

To my knowledge, only a full re-authentication by the user would renew that access token. Having said that, the process to obtain those access and refresh tokens already implies that you don’t do it through a public client, as those types of client also won’t be able to correctly use client credentials to get a Management API token to call the users endpoint with the correct scopes.

The recommended approach would be to leverage the refresh token and refresh the access token from a suitable client application. For example, if your SPA already talks to a properly authorized API, that API can broker this process and act as a non-interactive client application with regards to Auth0. This would allow the API to obtain the refresh token and also use the associated client secret to perform the renewal.
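
A sketch of the brokered renewal described in the reply above, added here as an example (it is not part of the original post and not Auth0's own code). It assumes the Microsoft identity platform v2.0 token endpoint, the `waad` provider name for the Azure AD connection, and placeholder tenant values; `https_json`, `idp_refresh_token` and `renew_aad_access_token` are hypothetical names.

```python
import json
import urllib.parse
import urllib.request

# Assumed placeholders: substitute your own Auth0 domain and Azure AD tenant.
AUTH0_DOMAIN = "example.auth0.com"
AAD_TENANT = "contoso.onmicrosoft.com"


def https_json(method, url, headers=None, form=None):
    """Default transport: make the HTTPS call and return the parsed JSON body."""
    data = urllib.parse.urlencode(form).encode() if form else None
    req = urllib.request.Request(url, data=data, headers=headers or {}, method=method)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def idp_refresh_token(user, provider="waad"):
    """Pick the IdP refresh token out of a GET /api/v2/users/{id} response."""
    for identity in user.get("identities", []):
        if identity.get("provider") == provider and identity.get("refresh_token"):
            return identity["refresh_token"]
    raise LookupError("no refresh token stored for provider %r" % provider)


def renew_aad_access_token(user_id, mgmt_token, client_id, client_secret,
                           scope, http=https_json):
    """Runs in the backend API. user_id must come from the caller's validated
    token (its sub claim), never from a value the SPA supplies freely."""
    user = http("GET",
                "https://%s/api/v2/users/%s"
                % (AUTH0_DOMAIN, urllib.parse.quote(user_id, safe="")),
                headers={"Authorization": "Bearer " + mgmt_token})
    tokens = http("POST",
                  "https://login.microsoftonline.com/%s/oauth2/v2.0/token" % AAD_TENANT,
                  form={"grant_type": "refresh_token",
                        "refresh_token": idp_refresh_token(user),
                        "client_id": client_id,
                        "client_secret": client_secret,
                        "scope": scope})
    if "access_token" not in tokens:
        raise RuntimeError("renewal failed: %s" % tokens.get("error", "unknown"))
    # Only the short-lived access token goes back to the SPA; the refresh
    # token and the client secret stay on the server.
    return {"access_token": tokens["access_token"],
            "expires_in": tokens.get("expires_in")}
```

The Management API token passed as `mgmt_token` needs a scope that exposes IdP tokens on the user profile, and the token response may carry a replacement refresh token that the backend should store if it wants to renew again later.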


#3

Thank you for your response. That is what I was thinking, but before implementing that, I wanted to check if there is any solution on the Auth0 side.
Thank you

