从过去几周开始，我们很少有客户抱怨我们的应用程序每1小时自动吊销Office365 oauth。这是典型的行为，因为访问令牌的有效期为1小时，因此我们的应用旨在使用oauth期间捕获的刷新令牌来自动刷新访问令牌。

这似乎不适用于最近几周的最少客户。 Office365令牌api-https://login.windows.net/common/oauth2/token

{"error":"invalid_grant","error_description":"AADSTS9002313: Invalid request. Request is malformed or invalid.\r\nTrace ID: 7f80c2c3-41bc-41bd-8304-b56969c83a00\r\nCorrelation ID: 5a08714a-1e7d-4f32-814d-146bc721e8ab\r\nTimestamp: 2020-10-12 05:42:11Z","error_codes":[9002313],"timestamp":"2020-10-12 05:42:11Z","trace_id":"7f80c2c3-41bc-41bd-8304-b56969c83a00","correlation_id":"5a08714a-1e7d-4f32-814d-146bc721e8ab","error_uri":"https://login.windows.net/error?code=9002313"}

在这里，错误代码'9002313'指出与auth参数有关的一些问题，尤其是我们的azure应用程序的'client_id'。 （reference）

发送以下数据以获取新的访问令牌

1. client_id（与Azure应用有关）
2. client_secret（与Azure应用有关）
3. grant_type ='refresh_token'
4. refresh_token

编辑1：将令牌端点更新为v2.0

请求URI

POST https://login.microsoftonline.com/common/oauth2/v2.0/token

请求正文

client_id=<client-id> &scope=https://outlook.office365.com/Calendars.ReadWrite https://outlook.office365.com/Contacts.ReadWrite https://outlook.office365.com/Mail.ReadWrite &refresh_token=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq... &grant_type=refresh_token &client_secret=<client-secret>

响应正文

{"error":"invalid_grant","error_description":"AADSTS9002313: Invalid request. Request is malformed or invalid.\r\nTrace ID: 4447c69e-09d6-4a00-8dfe-735106d71200\r\nCorrelation ID: 1820e135-a511-4516-99d9-b6cebb342eb2\r\nTimestamp: 2020-10-13 03:39:37Z","timestamp":"2020-10-13 03:39:37Z","trace_id":"4447c69e-09d6-4a00-8dfe-735106d71200","correlation_id":"1820e135-a511-4516-99d9-b6cebb342eb2","error_uri":"https://login.microsoftonline.com/error?code=9002313"}

解决方法

POST https://login.microsoftonline.com/common/oauth2/v2.0/token

client_id=<client-id>
&scope=https://outlook.office365.com/.default
&refresh_token=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq...
&grant_type=refresh_token
&client_secret=<client-secret>