Is there a reason why the Python ADAL library's authentication method acquire_token_with_client_credentials does not return a refresh token? I suppose Daemon apps do not need to use a refresh token each time they run but it seemed odd to me that the other authentication methods do return one.
Code sample:
import adal


class AzureActiveDirectory_Helper:
    # Configuration is the poster's own settings class (not shown in the post).
    _config = Configuration()
    _resource = _config.Resource
    _graph_api_endpoint = _config.Graph_API_Endpoint
    _authority = _config.Authority

    def __init__(self):
        self.Context = adal.AuthenticationContext(self._authority)
        # Client-credentials grant: the app authenticates as itself, with no user involved.
        self.Token = self.Context.acquire_token_with_client_credentials(
            resource=self._resource,
            client_id=self._config.Client_ID,
            client_secret="thisIsASuperSecretKey!!"  # placeholder value from the post
        )
        # Headers sent with each request to the Graph API endpoint.
        self.Headers = {
            'Authorization': f'Bearer {self.Token["accessToken"]}',
            'Accept': 'application/json',
            'Content-Type': 'application/json'
        }
The values in self.Token do have an accessToken value, and that token does allow me to do what I need against the Azure AD app, but isn't it best practice to use a refresh token instead of acquiring a fresh token every run?
Yes, I agree that it's a best practice to use a refresh token instead of acquiring a new fresh token every time.
The issuance of a refresh token with the client credential grant has no benefit. That is why RFC 6749 section 4.4.3 indicates "A refresh token SHOULD NOT be included."
As per the document, "acquire_token_with_client_credentials" returns only an access token.
So to use a refresh token, the Python ADAL library supports other authentication methods like "acquire_token", "acquire_token_with_refresh_token", etc. You can check the documentation.
Below are the documentation links:
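What a daemon can do in place of a refresh token, as an added example that is not part of the original question or answer: keep the access token until shortly before it expires, then run the client-credentials grant again. The class and function names, the AAD_CLIENT_ID / AAD_CLIENT_SECRET environment variables and the five-minute renewal margin are assumptions; the code relies on the "expiresIn" field that ADAL returns alongside "accessToken".

```python
import os
import time


class ClientCredentialTokenSource:
    """Caches a client-credentials access token and re-runs the grant near expiry.

    No refresh token is involved: the client ID and secret are themselves the
    long-lived credential, so "refreshing" is simply asking again.
    """

    def __init__(self, acquire, skew_seconds=300, clock=time.monotonic):
        self._acquire = acquire      # callable returning an ADAL-style dict
        self._skew = skew_seconds    # renew this long before expiry
        self._clock = clock
        self._token = None
        self._expires_at = 0.0

    def access_token(self):
        now = self._clock()
        if self._token is None or now >= self._expires_at - self._skew:
            self._token = self._acquire()
            self._expires_at = now + int(self._token["expiresIn"])
        return self._token["accessToken"]

    def headers(self):
        return {
            "Authorization": f"Bearer {self.access_token()}",
            "Accept": "application/json",
            "Content-Type": "application/json",
        }


def adal_acquirer(authority, resource):
    """Builds the acquire callable from the ADAL call shown in the question.

    AAD_CLIENT_ID / AAD_CLIENT_SECRET are assumed variable names; the secret is
    read from the environment instead of being written into the source file.
    """
    import adal  # imported lazily so the cache above runs without ADAL installed

    context = adal.AuthenticationContext(authority)
    return lambda: context.acquire_token_with_client_credentials(
        resource=resource,
        client_id=os.environ["AAD_CLIENT_ID"],
        client_secret=os.environ["AAD_CLIENT_SECRET"],
    )
```

A long-running daemon would build one ClientCredentialTokenSource(adal_acquirer(authority, resource)) and call headers() before each request, so the token endpoint is contacted only when the cached token is about to expire.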