发表新帖
发表新帖

Windows Azure Active Directory - expiration of refreshtoken

后端 未结
关注
5 1136
情深已故
情深已故 2020-12-16 18:27

I am experimenting with Windows Azure Active Directory. In a client (desktop) application the user enter his credentials and authenticate to access a REST service. I\'m usin

相关标签:
5条回答
  • 粉色の甜心
    2020-12-16 19:14

    I captured the calls to Azure Active Directory (AAD) with Fiddler and found a JSON response that included the access_token, expires_in and expires_on, id_token, refresh_token, resource, scope and token_type (Bearer).

    The expires_on equals 1398790050. So I went to Wolfram Alpha, queried how many seconds this was after 1970 and added 2 hours (I'm in the UTC+2 time zone). The access token is valid for 1 hour. In the TechNet forums it is mentioned the expire token is valid for about 80 days.

    0 讨论(0)
  • 长情又很酷
    2020-12-16 19:21

    Yes, the Refresh Token does expire.. I am not sure, but I believe you can set the TTL or expiration of the token in the setup of the WAAD properties on azure. I have to check, but I am not where I can access Azure at the moment.

    0 讨论(0)
  • 一向
    2020-12-16 19:25

    I implemented the Azure AD SSO on mobile apps and used ADAL Nuget package. I had few queries from my clients on the expiration of the refresh-token. After going back and forth with Azure Engineering team, and trying few things, here are my findings. I have documented the details in a blog post here:

    1. Azure AD SSO Access-Token expires in 1 hour.
    2. You could use Azure AD Refresh Token to refresh your AccessToken.
    3. The Refresh Token expires in 72.
    4. Azure allows an access-token to be refreshed using the refresh-token for a maximum period of time of 90 days (from the initial date of issuing the token). This means after 90 days, Azure will authenticate the user to login again. (Cannot confirm any changes to this)
    5. The expiry time of the refresh token is set to 72 hours by default. This is now configurable. You can change this value as per the discussion here

    Full details can be found in this blog post

    0 讨论(0)
  • 暖寄归人
    2020-12-16 19:29

    Solution is here.

    tokenRefreshExtensionHours

    It is now configurable through App Service's Resource Manager to configure tokenRefreshExtensionHours.

    "using Resource Explorer to manage your site’s auth settings, you can add a setting named “tokenRefreshExtensionHours” to {site}/config/authSettings.properties and set it to the number of hours to allow an expired token to be used for refresh. "

    Thanks to cgillum.

    0 讨论(0)
  • 被撕碎了的回忆
    2020-12-16 19:34

    The refresh token expiration time now can be configured officially : https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes

    0 讨论(0)
 看不清?
提交回复
热议问题