Search code examples

How to automatically refresh access token

I have an api with the following scopes (api_access and offline_access):

api scopes

And a front end blazor app that uses code flow and consumes that api. Here's how I'm configuring authentication:

builder.Services.AddAuthentication(options =>
                options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
                options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.Authority = "xxxxx";
                options.ClientId = "xxxxx";

                options.ResponseType = "code";

                options.SaveTokens = true;


               options.ClientSecret = "xxxxx";

And here's how I'm requesting the access code to call the api:

var access_token = await httpContext.GetTokenAsync("access_token");

This works, but the access token expires in one hour. I don't get a new token when I call httpContext.GetTokenAsync("access_token") again after it is expired. How to get a new valid token?


  • Depending on your design, you can use refresh_token to get new access_token. You need to call the /token endpoint with your refresh_token.

    Example copied from documentation.

    POST /{tenant}/oauth2/v2.0/token HTTP/1.1
    Content-Type: application/x-www-form-urlencoded

    Here is what Microsoft says about this

    However, is probably some library which handles that client side chore.