
Not able to get refresh token for Microsoft Graph API using access token in php


I have an access token for v2.0, but when I try to get a long-lived refresh token, it gives me an error.

prnt.sc/zaudnSFYhecT

Below is the code that I am trying to add:

    // Sends a refresh_token grant to the token endpoint and returns the new tokens.
    function RefreshToeknOutlook($params) {
        // Result structure handed back to the caller.
        $res_data = [
            'error_msg' => "",
            "full_res" => [],
            "ol_access_token_new" => "",
            "ol_refresh_token_new" => "",
            "ol_token_expiry_date" => ""
        ];
        $error_msg = "";
        $url = $params['url'];
        $clientId = $params['clientId'];
        $refreshToken = $params['refreshToken'];
        $clientSecret = $params['clientSecret'];

        // Form fields for the token request.
        $data = [
            'client_id' => $clientId,
            'scope' => "Calendars.Read",
            'refresh_token' => $refreshToken,
            'grant_type' => 'refresh_token',
            'client_secret' => $clientSecret
        ];
        //'scope' => 'openid profile offline_access User.Read Calendars.ReadWrite',
        $options = [
            CURLOPT_URL => $url,
            CURLOPT_POST => true,
            CURLOPT_POSTFIELDS => http_build_query($data),
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_HTTPHEADER => [
                'Content-Type: application/x-www-form-urlencoded'
            ],
        ];

        // POST the request and capture any transport-level error.
        $ch = curl_init();
        curl_setopt_array($ch, $options);
        $response = curl_exec($ch);
        if (curl_errno($ch)) {
            $error_msg = 'Error:' . curl_error($ch);
        }
        curl_close($ch);

        // Decode the JSON body; an OAuth error response carries an "error" key.
        $responseData = json_decode($response, true);
        $res_data['full_res'] = json_decode($response);
        if (isset($responseData['error'])) {
            // Fall back to the error code when no description is present.
            $error_msg = "Error: " . ($responseData['error_description'] ?? $responseData['error']) . "\n";
        } else {
            // Tokens are copied only when the response includes a refresh token.
            if (isset($responseData['refresh_token'])) {
                $res_data['ol_access_token_new'] = $responseData['access_token'];
                $res_data['ol_refresh_token_new'] = $responseData['refresh_token'];
                $res_data['ol_token_expiry_date'] = $responseData['expires_in'];
            }
        }

        $res_data['error_msg'] = $error_msg;
        return $res_data;
    }//function

I have taken reference from here: https://learn.microsoft.com/en-us/graph/auth-v2-user?tabs=http

Is there something else that I should do?


Solution

  • To get the refresh token along with the access token, make sure to add the offline_access permission in the scope parameter.

    In my case, I ran the authorization request below in the browser to get the code value, adding offline_access to the scope like this:

    https://login.microsoftonline.com/common/oauth2/v2.0/authorize
    ?client_id=appId
    &response_type=code
    &redirect_uri=https://jwt.ms
    &response_mode=query
    &scope=Calendars.Read offline_access
    &state=12345
    


    When I used this code value, including the offline_access scope, with the parameters below, I got both a refresh token and an access token like this:

    POST https://login.microsoftonline.com/common/oauth2/v2.0/token
    grant_type:authorization_code
    client_id:appId
    client_secret:secret
    scope:Calendars.Read offline_access
    code:code
    redirect_uri:https://jwt.ms
    


    You can make use of this refresh token value to get an access token by running the API call below via Postman:

    POST https://login.microsoftonline.com/common/oauth2/v2.0/token
    grant_type:refresh_token
    client_id:appID
    client_secret:client_secret
    refresh_token: M.C518_BAY.0.U.-CvbB6hHQBC //paste the refresh token that you got above
    scope: Calendars.Read 
    


    You can use this access token to read the user's calendar events like this:

    GET https://graph.microsoft.com/v1.0/me/events
    

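An added PHP example (not code from the question or the answer) of the refresh step above: it requests offline_access on the refresh call and keeps the previous refresh token when the response carries none, so a missing refresh_token does not discard a valid access token. The function names and the sample JSON bodies are constructed for illustration.

```php
<?php
/** Build the form body for a refresh_token grant (hypothetical helper). */
function buildRefreshRequest(string $clientId, string $clientSecret, string $refreshToken): string
{
    return http_build_query([
        'grant_type'    => 'refresh_token',
        'client_id'     => $clientId,
        'client_secret' => $clientSecret,
        'refresh_token' => $refreshToken,
        // offline_access is what makes the endpoint issue a refresh token.
        'scope'         => 'Calendars.Read offline_access',
    ]);
}

/** Interpret a token-endpoint response body (hypothetical helper). */
function parseTokenResponse(string $body, string $previousRefreshToken, int $now): array
{
    $data = json_decode($body, true);
    if (!is_array($data)) {
        return ['ok' => false, 'error' => 'invalid_json'];
    }
    if (isset($data['error'])) {
        // Surface only the error code; keep error_description in server-side logs.
        return ['ok' => false, 'error' => (string) $data['error']];
    }
    if (empty($data['access_token'])) {
        return ['ok' => false, 'error' => 'missing_access_token'];
    }
    return [
        'ok'            => true,
        'access_token'  => $data['access_token'],
        // Store the replacement refresh token if one came back, else keep the old one.
        'refresh_token' => $data['refresh_token'] ?? $previousRefreshToken,
        'rotated'       => isset($data['refresh_token']),
        // expires_in is a lifetime in seconds; convert it to an absolute timestamp.
        'expires_at'    => $now + (int) ($data['expires_in'] ?? 0),
    ];
}

// Constructed sample responses (placeholder values, not real tokens).
$samples = [
    '{"access_token":"AT-2","refresh_token":"RT-2","expires_in":3600}',
    '{"access_token":"AT-2","expires_in":3600}',
    '{"error":"invalid_grant","error_description":"constructed sample"}',
];
foreach ($samples as $body) {
    $r = parseTokenResponse($body, 'RT-1', time());
    echo json_encode(['ok' => $r['ok'], 'rotated' => $r['rotated'] ?? null, 'error' => $r['error'] ?? null]), PHP_EOL;
}
```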