Azure Oauth - how to change token expiration time?


Solution 1

It is now possible to configure the token lifetime. You can read more here: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes.

Remark: This feature is in preview and will not go to production in this way. The following header is also placed on the documentation link I mentioned above.

After hearing from customers during the preview, we're planning to replace this functionality with a new feature in Azure Active Directory Conditional Access. Once the new feature is complete, this functionality will eventually be deprecated after a notification period. If you use the Configurable Token Lifetime policy, be prepared to switch to the new Conditional Access feature once it's available.

Original answer:

Currently there is no way to change the expiration interval. These are the current expiration times.

  • Access tokens last 1 hour

  • Refresh tokens last for 14 days, but

    • If you use a refresh token within those 14 days, you will receive a new one with a new validity window shifted forward by another 14 days. You can repeat this trick for up to 90 days of total validity, then you’ll have to reauthenticate
    • Refresh tokens can be invalidated at ANY time, for reasons independent from your app (e.g. user changes password). Hence you should NOT take a dependency on the above in your code – your logic should always assume that the refresh token can fail at any time
    • Refresh tokens issued for guest MSA accounts last only 12 hours

Source: http://www.cloudidentity.com/blog/2015/03/20/azure-ad-token-lifetime/ and also my own experiences.

Solution 2

You have to use PowerShell to perform the 2 steps below:

  1. Create a new policy. This policy sets a 2 hour timeout:

     New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"02:00:00","MaxAgeSessionSingleFactor":"02:00:00"}}') -DisplayName "MyWebPolicyScenario" -IsOrganizationDefault $false -Type "TokenLifetimePolicy"

  2. Apply this policy to your website:

     Add-AzureADServicePrincipalPolicy -Id <ObjectId of the ServicePrincipal> -RefObjectId <ObjectId of the Policy>

Note: In order to get the ObjectId of the ServicePrincipal, run this command: Get-AzureADServicePrincipal

To get the ObjectId of the Policy, run this command: Get-AzureADPolicy

For more detail you can refer to this document: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-configurable-token-lifetimes
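The two steps above as one script, added here as an example and not taken from the answer or from Microsoft's documentation: it builds the same TokenLifetimePolicy definition, resolves the service principal by display name instead of a hand-pasted ObjectId, and reads the assignment back so the applied lifetime can be checked. It assumes the AzureAD module is installed, Connect-AzureAD has already been run, and "My Web App" is a placeholder display name.

```powershell
# Added example, not code from the original answer. Assumes the AzureAD module
# and an existing Connect-AzureAD session. "My Web App" is a placeholder.
$AppDisplayName = "My Web App"

# Keep the definition as a PowerShell object so the JSON cannot be mistyped;
# the values match the 2 hour policy from the answer above.
$definition = @{
    TokenLifetimePolicy = @{
        Version                   = 1
        AccessTokenLifetime       = "02:00:00"
        MaxAgeSessionSingleFactor = "02:00:00"
    }
} | ConvertTo-Json -Compress

# Step 1: create the policy (not an organization default, so it only affects
# the service principals it is explicitly attached to).
$policy = New-AzureADPolicy -Definition @($definition) `
    -DisplayName "MyWebPolicyScenario" `
    -IsOrganizationDefault $false `
    -Type "TokenLifetimePolicy"

# Resolve the service principal by display name; refuse to guess if the
# name is missing or ambiguous, since the policy would land on the wrong app.
$sp = @(Get-AzureADServicePrincipal -Filter "DisplayName eq '$AppDisplayName'")
if ($sp.Count -eq 0) { throw "No service principal named '$AppDisplayName'" }
if ($sp.Count -gt 1) { throw "Display name is ambiguous; pass the ObjectId explicitly" }

# Step 2: attach the policy to that service principal.
Add-AzureADServicePrincipalPolicy -Id $sp[0].ObjectId -RefObjectId $policy.Id

# Read back what is now attached and the lifetime actually stored, so the
# change is verifiable rather than assumed.
Get-AzureADServicePrincipalPolicy -Id $sp[0].ObjectId |
    Where-Object { $_.Type -eq "TokenLifetimePolicy" } |
    ForEach-Object {
        $lifetime = ($_.Definition | ConvertFrom-Json).TokenLifetimePolicy.AccessTokenLifetime
        "{0}: AccessTokenLifetime={1}" -f $_.DisplayName, $lifetime
    }
```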

Author: andrey

Updated on June 21, 2022

Comments

  • andrey
    andrey almost 2 years

    We are using OAuth2 with Azure. And by default the server returns a token with an hour interval for expiration. Is there any way to change the expiration interval?

  • RameshPasa
    RameshPasa about 7 years
    Is the expiration interval for Access Token and Refresh Token configurable now?
  • txulu
    txulu about 5 years
    Yes, things appear to be configurable now: docs.microsoft.com/en-us/azure/active-directory/develop/…
  • vir us
    vir us almost 4 years
    Can anyone tell me where I should click in the Azure dashboard to get to those settings? Can't see any references
  • Sarahrb
    Sarahrb almost 2 years
    @amzdmt Is it possible to change expiration time through Azure portal instead of PowerShell. Thank you.