Azure Graph API: Handling access token in Quartz.NET scheduled job

Question

I am doing some research on Azure Graph API which i am planning on consuming through both an Angular application and from a scheduled job (Quartz.NET)

I get that on the frontend part i use the Msal Service to handle the user authentication in order to get the access token.

However.. if i were to make requests to the Azure Graph API in a scheduled job, should i store the users access token once they auth on the frontend, and then use it in the scheduled job? And simply renew it before it expires?

I've looked up token lifetimes, but it is still not fully clear to me.

Question: How can i let the user only authenticate once, but keep requesting their information in the future from the backend?

Answer 1

Whether you get the access token from the frontend or backend, it doesn't affect it. Access_tokens are short lived, and you must refresh them after they expire to continue accessing resources.

You could keep requesting with the access token which will expire in a short time(default lifetime is one hour), and you need to use refresh token to renew it regularly.

However, Msal Service that you used is based on implicit grant flow which does not provide refresh tokens. You could just get token again in your frontend.

Both id_tokens and access_tokens will expire after a short period of time, so your app must be prepared to refresh these tokens periodically. To refresh either type of token, you can perform the same hidden iframe request from above using the prompt=none parameter to control the identity platform's behavior.