So I have a React app where I want to ask a user to grant access to their calendar for my app. I did that using Authorisation Code with PKCE flow:
allow access to calendar
https://login.microsoftonline.com/common/oauth2/v2.0/authorize
with params (including the encrypted verification code for PKCE is being passed in)Calendars.ReadWrite
and offline_access
code
from Authorisation Code flow
https://login.microsoftonline.com/common/oauth2/v2.0/token
to get the access_token
and refresh_token
(with the unencrypted verification token for PKCE)refresh_token
in a database and uses access_token
to add an event to user's calendarrefresh_token
to get a new access_token
without prompting the user again with Microsoft login screenI have three questions here:
refresh_token
in the backend?msal
React and JavaScript packages to somehow make it easier?