Azure active directory 是否可以将过期的Microsoft Graph API访问令牌交换为新令牌？_Azure Active Directory_Microsoft Graph Api

Azure active directory 是否可以将过期的Microsoft Graph API访问令牌交换为新令牌？

azure-active-directory microsoft-graph-api

Azure active directory 是否可以将过期的Microsoft Graph API访问令牌交换为新令牌？,azure-active-directory,microsoft-graph-api,Azure Active Directory,Microsoft Graph Api,我正在对Startup.cs中的Graph API进行身份验证： app.UseOpenIdConnectAuthentication( new OpenIdConnectAuthenticationOptions { ClientId = appId, Authority = "https://login.microsoftonlin

我正在对Startup.cs中的Graph API进行身份验证：

    app.UseOpenIdConnectAuthentication(
                new OpenIdConnectAuthenticationOptions
                {
                    ClientId = appId,
                    Authority = "https://login.microsoftonline.com/common/v2.0",
                    Scope = $"openid email profile offline_access {graphScopes}",
                    RedirectUri = redirectUri,
                    PostLogoutRedirectUri = redirectUri,
                    TokenValidationParameters = new TokenValidationParameters
                    {
                        ValidateIssuer = false // Setting this to true prevents logging in, and is only necessary on a multi-tenant app.
                    },
                    Notifications = new OpenIdConnectAuthenticationNotifications 
                    {
                        AuthenticationFailed = OnAuthenticationFailedAsync,
                        AuthorizationCodeReceived = async (context) =>
                        {
                            // This block executes once an auth code has been sent and received.
                            Evar idClient = ConfidentialClientApplicationBuilder.Create(appId)
                                .WithRedirectUri(redirectUri)
                                .WithClientSecret(appSecret)
                                .Build();

                            var signedInUser = new ClaimsPrincipal(context.AuthenticationTicket.Identity);
                            var tokenStore = new SessionTokenStore(idClient.UserTokenCache, HttpContext.Current, signedInUser);

                            string[] scopes = graphScopes.Split(' ');
                            var result = await idClient.AcquireTokenByAuthorizationCode(scopes, context.Code).ExecuteAsync();

                            var userDetails = await GraphUtility.GetUserDetailAsync(result.AccessToken);

检索此访问令牌后，我将其存储到类变量中。我这样做的原因是，我可以检索它，以便在与Graph API接口的一个服务（由API控制器调用）中使用

public GraphAPIServices(IDbContextFactory dbContextFactory) : base(dbContextFactory)
        {
            _accessToken = GraphUtility.GetGraphAPIAccessToken();

            _graphClient = new GraphServiceClient(new DelegateAuthenticationProvider(async (requestMessage) =>
            {
                requestMessage.Headers.Authorization = new AuthenticationHeaderValue("Bearer", _accessToken);
            }));
        }

我遇到的问题是，经过一段时间后，这个访问令牌最终会过期。我显然无法再次运行Startup.cs，因此没有机会检索新的访问令牌

我想知道的是，是否可以将此过期访问令牌交换为新令牌，而无需请求用户使用其凭据再次登录？

对于您的场景，您应该查找刷新令牌。因为当客户端获取访问令牌以访问受保护的资源（图）时，客户端也会收到刷新令牌。刷新令牌用于在当前访问令牌过期时获取新的访问/刷新令牌对。刷新令牌绑定到用户和客户端的组合。刷新令牌可以随时撤销，并且每次使用令牌时都会检查令牌的有效性。感谢您的响应。我只得到一个ID令牌和一个访问令牌。没有刷新令牌。我已将“脱机访问”添加到我的web应用权限中。我不完全确定我还遗漏了什么。你还在这个问题上寻求帮助吗？