refresh token not appearing for microsoft teams spoke

archie5
Tera Expert

‎04-16-2025 06:22 PM

Hi,

I am using MS Teams Spoke as below. Also, tried with grant type as client credentials and given offline_access scope. I am getting access token that is expiring in an hour but not receiving refresh token. Am I missing something or Microsoft Team needs to provide on their end?

archie5_0-1744852806837.png

Thanks,

Archie

0 Helpfuls
  • 804 Views
6 REPLIES 6

J Siva
Tera Sage

‎04-16-2025 07:27 PM

Hi @archie5 

This behavior is expected. We encountered a similar issue and contacted the vendor. Below is the response from ServiceNow:

 

=>Expiration and Auto-Renewal: When the access token expires (which is usually defined by the expires_in field in the response, often set to 3600 seconds or 1 hour), your application must request a new one automatically.

=>No Refresh Token: For the Client Credentials Grant Type, there is no refresh token provided (unlike other grant types, such as the Authorization Code Grant), so you can't simply "refresh" the token.
Instead, you must re-authenticate by sending another request to the token endpoint (the same process you used to initially obtain the access token). There is no manual intervention needed here.

=>Every time an API call is made it first checks the access token and then if it is expired it runs a post call to token end point and fetches the new access token.

=>Then it will run another API call with this access token to retrieve the data from the end point.

 

Solution Proposed:
=> For client credentials grant type there is no refresh token concept and the access token is auto updated based on the API calls we make provided we are passing the correct client secret & ID in the request.

 

Hope this helps.
Regards,
Siva

 

0 Helpfuls

archie5
Tera Expert
In response to J Siva

‎04-17-2025 06:57 AM

Thanks @J Siva, If I use Authorization code and add scope offline_access then also not getting refresh token, then MS Team needs to configure it on their end right?

0 Helpfuls

archie5
Tera Expert
In response to archie5

‎04-17-2025 06:59 AM

Also @J Siva When you said 'when using client_credential, you must re-authenticate by sending another request to the token endpoint (the same process you used to initially obtain the access token). There is no manual intervention needed here.' How do we do this?

0 Helpfuls

J Siva
Tera Sage
In response to archie5

‎04-17-2025 07:08 AM

Hi @archie5 


This happens automatically when the actual API is called.

We're using the Microsoft Intune API to load asset details via a scheduled job.
Every time the Intune API is accessed, the system checks for a valid access token.
Similarly, when the system calls the Microsoft Teams API, it first verifies the token's validity. If the token is invalid or missing, a new one is automatically generated.

 

Regards, 

Siva

0 Helpfuls