Hello Stephen!
Stephen Isard wrote in
<[email protected]>:
|On Sat, 17 May 2025, Steffen Nurpmeso steffen-at-sdaoden.eu |s-nail| wrote:
|...
|> Now i tried it with and without this commented out, with the two
|> accounts i have, but it does not make a difference. In both cases
|> i have to become interactive, and then both access_token and
|> refresh_token are updated?
|
|I don't think so. Yes, the access_token will be updated, but without
|offline_access, I'll bet you are getting the same, unchanged,
|refresh_token that you started with. The only way that a new
I .. don't think this was true, Stephen.
|refresh_token gets into the resource file is via lines 343-344 in
|response_check_and_config_save in the helper program
|
| if resp.get('refresh_token'):
| cfg['refresh_token'] = resp.get('refresh_token')
|
|Without offline_access in the scope, there is no refresh_token in the
|response and resp.get('refresh_token') fails, so cfg['refresh_token']
|doesn't change. Try putting some debug printing around those lines.
|
|In other words, without offline_access in the scope, once your
|refresh_token expires, it stays expired until you start all over again
|with a fresh template, forcing you to do the interactive thing every
Definetely not, Stephen.
|hour or so as your access_token expires. But if you have offline_access
|in the scope, an interactive session will get a new refresh token and
|you only have to be interactive about once a month.
Unfortunately the (real) timeout is not yet expired, i tried it
some minutes ago
timeout=3599
-timestamp=1747661489
+timestamp=1747523411
and i even was not required to become interactive! That only
refreshed access_token=, with the scope= without offline_access.
I wait until tomorrow so that the other timeout definetely (?)
expired, and then try it again with the other account, but i am
sure refresh_token gets renewed (after becoming interactive).
Having said all that, maybe it really is tenant= specific (i have
tenant=common), and it is true what you say that the saved variant
as it comes back from Microsoft does not include offline_access,
even though, as far as i recall, it was absolutely needed to set
things up. So something has to be done about that, maybe some
kind of boolean setting that avoids updating scope= with the
returned upstream value??
|Stephen Isard
--End of <[email protected]>
Ciao, Stephen, and greetings from Germany!
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
