'Getting a Azure AD refresh token and auth code using MSAL

I am working on an application with Ruby on Rails back-end and EmberJS Front-end.

I would like to achieve the following.

  1. Log in user with MSAL with Ember FE
  2. Get the auth_code and pass on to the back end
  3. From the back end, fetch access token and refresh token.
  4. Use it to send email using azure Graph API.

Basically I would like to perform step 1 of azure ad auth, i.e. fetching the auth_code, at the front end. And then perform step 2 at the back end. And then refresh the tokens at the back-end as needed.

I believe MSAL provides no good way to achieve this. When user consents (Step 1), it uses the auth_code by itself to fetch access_token and refresh_token (Step 2), and cashes it without exposing the values. It invokes acquireTokenSilent method to refresh the tokens when needed.

I can see that MSAL also has a ssoSilent method, which performs only step 1 of auth and returns auth code. I tried to use it in the following manner

  signIn = () => {
    myMSALObj
      .loginPopup(loginRequest)
      .then(this.handleResponse)
      .catch((error) => {
        console.error(error);
      });
  };

  handleResponse = (resp) => {
    console.log('>>>> Response', resp);

    // this.token = resp;
    if (resp !== null) {
      username = resp.account.username;
      //  showWelcomeMessage(resp.account);
      resp.account = myMSALObj.getAccountByUsername(username);
      console.log('Resp => ', resp);
      myMSALObj
        .ssoSilent(resp)
        .then((r) => {
          console.log(r);
        })
        .catch((e) => {
          console.log('Error ->', e);
        });
    } else {
      //  loadPage();
    }
  };

This always ends up in the following error

InteractionRequiredAuthError: interaction_required: Silent authentication was denied. The user must first sign in and if needed grant the client application access to the scope ...

Even when the user has just consented for these scopes.

Is there something I am missing?

or

Is there any better way to achieve this functionality?

Thanks in advance for any help

I am using Rails 6 with Ember 4.1

azureember.jsazure-active-directorymsal


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions