问题
I'm trying to set up an Azure Web App to to authenticate with Azure AD and refresh ID Token behind the scenes automatically. A great blog post helped me understand how the whole thing works: https://cgillum.tech/2016/03/07/app-service-token-store/
And this guide linked from it helped me set it up: http://cgillum.tech/2016/03/25/app-service-auth-aad-graph-api/
It seems enabling refresh tokens for Azure AD authentication isn't that simple so as recommended I used the aforementioned guide to set it up as if it were for GraphApi.
The problem I'm having is even after calling the ".auth/refresh" endpoint and then calling the ".auth/me" endpoint, the only token which is refreshed is the Access Token. That token is of no use to me since I use the Id Token when communicating with my backend server (using an "Authorization Bearer" header).
So how do I get the Id Token to refresh as well?
回答1:
Unfortunately AAD does not support refreshing the ID token. Only the access token can be refreshed. See here: https://azure.microsoft.com/en-us/documentation/articles/active-directory-protocols-oauth-code/#refreshing-the-access-tokens
But even if it could be refreshed, it's more correct to use an access token when authenticating with another service, so I suggest changing your apps to work this way. The claims on the access token and the id_token are very similar so it should not be a very disruptive change.
来源:https://stackoverflow.com/questions/38419058/how-to-refresh-an-id-token-from-azure-ad-in-a-web-app