Configure authentication in azure appservice

Question

how can I configure session lifetime in azure app service authentication to azure ad? According to https://learn.microsoft.com/en-us/azure/app-service/app-service-authentication-how-to#extend-session-token-expiration-grace-period the authenticated session expires after 8 hours, but I want shorten it to one hour. What's more after one hour I want to force user to reenter credentials to given provider. By default after session is expired user is redirected to provider, but doesn't have to reenter credentials and immediately redirected back to app - even when I manually delete cookies from browser - how is that working without cookies? What's more in azure documentation I found description of token lifecycle management feature (https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes) which also have default id token's lifetime of 1 hour, which is very different from app service session lifetime, but redirected user to azure ad doesn't have to enter credentials even after manually deleting cookies. How is it working and how to configure that?

Answer 1

Even the default token lifetime has a certain value as per Microsoft document, the refresh token allows an application to obtain a new access token without prompting the user.

Single Sign On (SSO) occurs when a user logs in to one application and is then signed in to other applications automatically, regardless of the platform, technology, or domain the user is using. The user signs in only one time hence the naming of the feature (Single Sign On).

Due to single Sign On(SSO) feature you are not able to enter credentils and directly able to login.