Kevin

Reputation: 75

How to increase expiration in Azure OAuth token?

For example I am accessing blob storage via

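    from azure.identity import ClientSecretCredential
    from azure.storage.blob import BlobServiceClient

    # Service principal credentials (fill in your own values)
    token_credential = ClientSecretCredential(
        "",  # tenant id
        "",  # application id
        "",  # application secret
    )

    # Placeholder: the blob endpoint of your storage account
    url = "https://<storage account name>.blob.core.windows.net"
    blob_service_client = BlobServiceClient(account_url=url, credential=token_credential)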

But the default token TTL is 60-90 minutes. Is it possible to increase that to one day?

Upvotes: 0

Views: 701

Answers (1)

RKM

Reputation: 1389

> is it possible to increase that to one day?

Yes, it is possible to increase the access/ID token expiration by following the steps below:

  • Run the Connect command to sign in to your Azure AD account by using the PowerShell cmdlet below:

    Connect-AzureAD -Confirm

  • Next, create a policy for the token lifetime by using the cmdlet below:

    $policy = New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"24:00:00"}}') -DisplayName "WebPolicyScenario" -IsOrganizationDefault $false -Type "TokenLifetimePolicy"

  • To check the policy that was created in the step above and to get its ObjectId, use the cmdlet below:

    Get-AzureADPolicy -Id $policy.Id

  • Now add that created policy to your service principal, and also get the ObjectId of your service principal by using the cmdlet below:

    $sp = Get-AzureADServicePrincipal -Filter "DisplayName eq '<service principal display name>'"

  • Finally, run the cmdlet below to set the policy on your service principal:

    Add-AzureADServicePrincipalPolicy -Id $sp.ObjectId -RefObjectId $policy.Id

Upvotes: 1
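To confirm that a token lifetime policy like the one above actually took effect, you can compare the `iat` and `exp` claims of a freshly issued access token. This is an added example, not part of the question or the answer; it assumes the access token is a JWT carrying those claims, the helper names are hypothetical, and the sample tokens are constructed so it runs offline.

```python
import base64
import json
from datetime import timedelta


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only (the signature is NOT verified)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def token_lifetime(token: str) -> timedelta:
    """Lifetime granted by the issuer: exp - iat (falls back to nbf if iat is absent)."""
    claims = jwt_claims(token)
    issued = claims.get("iat", claims.get("nbf"))
    if issued is None or "exp" not in claims:
        raise ValueError("token has no iat/nbf or exp claim")
    return timedelta(seconds=claims["exp"] - issued)


def policy_applied(token: str, expected: timedelta,
                   tolerance: timedelta = timedelta(minutes=5)) -> bool:
    """True when the observed lifetime is within `tolerance` of the policy value."""
    return abs(token_lifetime(token) - expected) <= tolerance


def constructed_token(iat: int, lifetime_s: int) -> str:
    """Build an unsigned sample token (constructed data, not a real Azure token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    claims = {"aud": "https://storage.azure.com", "iat": iat, "exp": iat + lifetime_s}
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


if __name__ == "__main__":
    # With the real credential from the question:
    #   token = token_credential.get_token("https://storage.azure.com/.default").token
    samples = {"default-like": constructed_token(1_700_000_000, 75 * 60),
               "one-day": constructed_token(1_700_000_000, 24 * 60 * 60)}
    for name, tok in samples.items():
        print(name, token_lifetime(tok), policy_applied(tok, timedelta(days=1)))
```
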
