Tapesh Gupta

Reputation: 373

How does the JWT token get reissued in the Azure AD OAuth implicit flow?

Currently the scenario is this: when I try to access my app, it first sends me to the Microsoft login page, and after a successful login it returns an ID token, which is used to retrieve data from the backend server. The expiry time of the token is approximately 1 hour. When this token expires, Microsoft issues a new token (JWT token); it does not redirect me back to the login page. But ideally it should redirect to the login page, as in the implicit flow there is no refresh token. So on what basis is it issuing a new token? I am using the Microsoft ADAL library on my front end for authentication.

Upvotes: 0

Views: 268

Answers (1)

4c74356b41

Reputation: 72151

Here's the link: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-implicit-grant-flow#refreshing-tokens

The implicit grant does not provide refresh tokens. Both id_tokens and access_tokens will expire after a short period of time, so your app must be prepared to refresh these tokens periodically. To refresh either type of token, you can perform the same hidden iframe request from above using the prompt=none parameter to control the identity platform's behavior. If you want to receive a new id_token, be sure to use id_token in the response_type and scope=openid, as well as a nonce parameter.

Upvotes: 1
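The hidden-iframe renewal quoted in the answer, as an added example that is not part of the original answer or of the ADAL library: it builds the `prompt=none` request and checks the fragment that comes back. The function names, tenant, client ID and redirect URI are assumptions supplied by the caller.

```javascript
// Added example: silent ID-token renewal for the implicit flow (hidden-iframe request).
// Tenant, client ID and redirect URI are placeholders passed in by the caller.
const AUTHORITY = "https://login.microsoftonline.com";

// Fresh random value for state/nonce (Web Crypto; call once per renewal attempt).
function randomToken() {
  const bytes = crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// URL to load in the hidden iframe. prompt=none forbids any UI: the session cookie
// at the identity provider, not a refresh token, is what authenticates the request.
function buildSilentRenewUrl({ tenant, clientId, redirectUri, state, nonce }) {
  const url = new URL(`${AUTHORITY}/${encodeURIComponent(tenant)}/oauth2/v2.0/authorize`);
  url.search = new URLSearchParams({
    client_id: clientId,
    response_type: "id_token",
    redirect_uri: redirectUri,
    scope: "openid",
    response_mode: "fragment",
    state,
    nonce,
    prompt: "none",
  }).toString();
  return url.toString();
}

// Decode (not verify) the JWT payload; the backend must still validate the signature.
function decodePayload(jwt) {
  const part = jwt.split(".")[1] || "";
  const b64 = part.replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(atob(b64 + "=".repeat((4 - (b64.length % 4)) % 4)));
}

// Handle the fragment the iframe lands on. Rejects mismatched state/nonce and
// reports when the session is gone and an interactive login is required.
function handleRenewResponse(hash, expected) {
  const p = new URLSearchParams(hash.replace(/^#/, ""));
  if (p.get("state") !== expected.state) return { ok: false, reason: "state_mismatch" };
  if (p.has("error")) {
    const interactive = ["login_required", "interaction_required", "consent_required"];
    return { ok: false, reason: p.get("error"), needsLogin: interactive.includes(p.get("error")) };
  }
  const idToken = p.get("id_token");
  if (!idToken) return { ok: false, reason: "missing_id_token" };
  const claims = decodePayload(idToken);
  if (claims.nonce !== expected.nonce) return { ok: false, reason: "nonce_mismatch" };
  return { ok: true, idToken, expiresAt: claims.exp };
}
```

When `needsLogin` is true the identity provider session has ended, and that is the point at which the user is sent back to the login page.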
