Cortana OAuth2 refresh token not working with Custom OAuth Server

[mtelle]

Hello,

I want to use a Cortana Skill with our custom OAuth server.

The authorization_code is working fine.
Cortana calls me with:
POST /oauth/token?redirect_uri=https%3A%2F%2Fwww.bing.com%2Fagents%2Foauth&grant_type=authorization_code&code=7GKzNa%3F3P0eb5EkhYLp%21mJ38fkKm HTTP/1.1
Host: localhost:51138
User-Agent: Go-http-client/1.1
Content-Length: 126
Accept-Encoding: gzip, deflate
Authorization: Basic U2VzZU5hOjBFU0QycmppUGQ/MEpFTUhjMDAzdUd5ZXRYJE41cFZKTSE/OXYwcnZuP1UwcWgtTw==
Content-Type: application/x-www-form-urlencoded
X-Forwarded-For: 199.30.21.57
X-Forwarded-Proto: https
X-Original-Host: 6f3241e.ngrok.io

redirect_uri=https%3a%2f%2fwww.bing.com%2fagents%2foauth&grant_type=authorization_code&code=7GKzNa%3f3P0eb5EkhYLp!mveOQJ38fkKm

And my server returns a correct acces token:
{
"access_token": "RFPcxTAcK1OVhcsdf5GA3Adr-4Nn_cx0ZbrfJZhYutNkLJnwHRY!6Zc?tQt87UYk",
"token_type": "Bearer",
"expires_in": 599,
"refresh_token": "0M7LuK6PJ11E?xke$RFqPBJJB3S5tZzgK-seHqW8?V-BXLuSowq27JnE9ut?2@P?t0GU$nSzR3xG!MZ8bKKk@4xJMKmCtnRCcz?Lp8@oUHRvxhm$p-oE57gbDVNmv-NieJm4_BMeoBEn2G3PB7_qY12!P8bRWowP3dzoeqTNc2gHQGyr0MOq-X7eZ!D4ddBwJFe8oiXwYsL3w40bQgowwnMshmWkMkqnrm@16WAvNDZ0tB0Vx0nL8Peegv1@FEnW",
"scope": "offline_access"
}

An then the call from cortana to my skill is fine with the acces_token:
{
"type": "message",
"id": "HdGn4RogHcs",
"timestamp": "2017-11-02T11:25:02.9013553Z",
"serviceUrl": "https://CortanaBFChannelEastUs.azurewebsites.net/",
"channelId": "cortana",
"from": {
"id": "F7E7D5EF843ABE1C7EB07093D87290FEAF267AC662D90BF0FC245513E2977340"
},
"conversation": {
"id": "2f1d9129-5794-47b7-afa0-451b2d9e6e4f"
},
"recipient": {
"id": "sesechatbot"
},
"entities": [
{
"type": "AuthorizationToken",
"token": "RFPcxTAcK1OVhcsdf5GA3Adr-4Nn_cx0ZbrfJZhYutNkLJnwHRY!6Zc?tQt87UYk",
"status": 1
}

The problem is that when I call 10 minutes later, Cortana call me to refresh the token:
POST /oauth/token?redirect_uri=https%3A%2F%2Fwww.bing.com%2Fagents%2Foauth&grant_type=refresh_token&refresh_token=0M7LuK6PJ11E%3Fxke%24RFqPBJJB3S5tZzgK-seHqW8%3FV-BXLuSowq27JnE9ut%3F2%40P%3Ft0GU%24nSzR3xG%21MZ8bKKk%404xJMKmCtnRCcz%3FLp8%40oUHRvxhm%24p-oE57gbDVNmv-NieJm4_BMeoBEn2G3PB7_qY12%21P8bRWowP3dzoeqTNc2gHQGyr0MOq-X7eZ%21D4ddBwJFe8oiXwYsL3w40bQgowwnMshmWkMkqnrm%4016WAvNDZ0tB0Vx0nL8Peegv1%40FEnW HTTP/1.1
Host: localhost:51138
User-Agent: Go-http-client/1.1
Content-Length: 378
Accept-Encoding: gzip, deflate
Authorization: Basic U2VzZUNoYXRCb3RDb3J0YW5hOjBFU0QycmppUGQ/MEXRYJE41cFZKTSE/OXYwcnZuP1UwcWgtTw==
Content-Type: application/x-www-form-urlencoded
X-Forwarded-For: 157.55.7.170
X-Forwarded-Proto: https
X-Original-Host: 6f3241b.ngrok.io

redirect_uri=https%3a%2f%2fwww.bing.com%2fagents%2foauth&grant_type=refresh_token&refresh_token=0M7LuK6PJ11E%3fxke%24RFqPBJJB3S5tZzgK-seHqW8%3fV-BXLuSowq27JnE9ut%3f2%40P%3ft0GU%24nSzR3xG!MZ8bKKk%404xJMKmCtnRCcz%3fLp8%40oUHRvxhm%24p-oE57gbDVNmv-NieJm4_BMeoBEn2G3PB7_qY12!P8bRWowP3dzoeqTNc2gHQGyr0MOq-X7eZ!D4ddBwJFe8oiXwYsL3w40bQgowwnMshmWkMkqnrm%4016WAvNDZ0tB0Vx0nL8Peegv1%40FEnW

And my server answer a ok with the message:
{
"access_token": "wkoSu$MXuvgBU_Af?HDMush_!cO!FUzR-063HsrQX5uLeWD$1m3VzmmU8$P9z1k0",
"token_type": "Bearer",
"expires_in": 599,
"refresh_token": "pVZ6cotHA_gLuuR9wAiHR!1pbWVs$t@2at2Nu_xjxXO7c!K@teL@wKLWeHd9oZH!f3Mcytg8UpYmxdm@zXNAkp6XpErgsWHuUNQLTfSCe7LyDMt?_yzqkJ_jrsuBzT84@ms41LG1JGmq6BoxPJjOckFy9RyeZLbO_MsitTrRZb!k0@By_ybss1n_ZfzxmoG@GdB4SttrB?Q5OFizFmCBVMm9CL__gc5pWAaJVsfh85CH5WHxKu7$b_ScNKArje6C",
"scope": "offline_access"
}

The cortana calls me but with no AuthorizationToken

{
"type": "message",
"id": "64BvKsbXFVi",
"timestamp": "2017-11-02T11:33:17.0984314Z",
"serviceUrl": "https://CortanaBFChannelEastUs.azurewebsites.net/",
"channelId": "cortana",
"from": {
"id": "F7E7D5EF843ABE1C7EB07093D87290FEAF267AC662D90BF0FC245513E2977340"
},
"conversation": {
"id": "cdbaa5a5-8967-47be-8905-fa2433d9ebd7"
},
"recipient": {
"id": "sesechatbot"
},

What is wrong with the refresh token behaviour with cortana?