For applications that authenticate users with Windows Azure Active Directory(WAAD), unable to refresh token from javascript.

All the resources are protected by Authorize attribute makes calls to login.windows.net/{0} if token is expired. If the request is from page load it works as expected but if the request is from javascript ajax call it is unable make call to login.windows.net/{0}. It returns with status 302 and message

XMLHttpRequest cannot load https://login.windows.net/xxx. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'xxx' is therefore not allowed access.

How to refresh the token from javascript calls?

It looks like you secured your web API with a method more suited for web UX. Take a look at ADAL JS for a more reliable way of dealing with javascript driven apps: http://www.cloudidentity.com/blog/2014/10/28/adal-javascript-and-angularjs-deep-dive/ For an explanation of how token renewal works, see the video linked in that post HTH V.