"AADSTS9002313: Invalid request. Request is malformed or invalid. While requesting Refresh Tokens

Question

I am trying to request refresh tokens for Graph API but am receiving the error AADSTS9002313. I am using Postman and the collection provided by Microsoft and just requested information. The authorization and the token are received correctly and am unable to figure out why only refresh tokens are failing. I have checked the AAD logs on the Azure portal but was unable to find logs related to the correlation ID.

Attached image of the request being sent. I am expecting to receive a refresh Token

Answer 1

I was able to fix the problem. I was receiving only access_token while requesting token and assumed this had to be used for refresh_token request. I was unable to see any documentation suggesting we had to include offline_access scope during authorization to receive refresh_token along with access_token, which in turn could be used to receive new refresh_tokens.

I had to use the following format for authorization to receive refresh_token during token request

GET /{tenant}/oauth2/v2.0/authorize?
client_id={client_id}
&response_type=code
&redirect_uri={redirect_uri}
&response_mode=query
&scope=https://graph.microsoft.com/.default offline_access
&state=12345