Student

Reputation: 21

Azure AD refresh token expire

I have a multitenant web API project with Microsoft Azure integration. I connect to Microsoft, get an access token and a refresh token, and each time before the access token expires, I call the API:

POST https://login.microsoftonline.com/tenant/oauth2/v2.0/token

The data in the request is:

grant_type=refresh_token
refresh_token=xxxxxxxxxxx
client_id=xxxxxxxxxx

I get a new access token and refresh token, and after an hour I get a new access token with the same API and the last received refresh token. But after 24 hours my refresh token somehow expires, and I need to reconnect and enter my credentials again. How can I make my refresh token not expire until I revoke it manually? I need to somehow update the refresh token timeout in the background and keep my integration always connected until I revoke it manually.

I need to somehow organize this to stay connected always until manual revocation. Any solution?

Upvotes: 2

Views: 2939

Answers (1)

Shiraz Bhaiji

Reputation: 65391

There is a 24 hour limit to refresh tokens under certain conditions:

Refresh tokens sent to a redirect URI registered as spa expire after 24 hours. Additional refresh tokens acquired using the initial refresh token carry over that expiration time, so apps must be prepared to rerun the authorization code flow using an interactive authentication to get a new refresh token every 24 hours. Users don't have to enter their credentials and usually don't even see any related user experience, just a reload of your application. The browser must visit the log-in page in a top-level frame to show the login session. This is due to privacy features in browsers that block third party cookies.

See: https://learn.microsoft.com/en-us/azure/active-directory/develop/refresh-tokens

Upvotes: 1
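
The carry-over rule quoted in the answer, as an added example that is not part of the original question or answer: rotating the refresh token never moves the deadline set at the interactive sign-in, so the client has to plan for re-authorization. All names, the 5-minute margin, and the sample token values are constructed for illustration; `invalid_grant` is the RFC 6749 error code for an expired or revoked refresh token.

```python
from dataclasses import dataclass
from urllib.parse import urlencode

SPA_REFRESH_LIFETIME = 24 * 3600  # 24-hour limit quoted in the answer
ACCESS_LIFETIME = 3600            # one-hour access token, as in the question
SKEW = 300                        # assumed margin: refresh 5 minutes early

@dataclass
class TokenState:
    refresh_token: str
    access_expires_at: float
    family_expires_at: float      # set at interactive sign-in, never extended

def after_interactive_login(refresh_token, now):
    return TokenState(refresh_token, now + ACCESS_LIFETIME, now + SPA_REFRESH_LIFETIME)

def next_action(state, now):
    if now >= state.family_expires_at:
        return "reauthorize"      # rerun the authorization code flow
    if now >= state.access_expires_at - SKEW:
        return "refresh"
    return "use_access_token"

def refresh_request_body(state, client_id):
    # Form fields from the question's POST to /oauth2/v2.0/token
    return urlencode({"grant_type": "refresh_token",
                      "refresh_token": state.refresh_token,
                      "client_id": client_id})

def apply_token_response(state, status, body, now):
    """Return the rotated state, or None when interactive sign-in is needed."""
    if status == 400 and body.get("error") == "invalid_grant":
        return None               # server is authoritative: expired or revoked
    if status != 200:
        raise RuntimeError(f"token endpoint returned {status}")
    return TokenState(body.get("refresh_token", state.refresh_token),
                      now + body.get("expires_in", ACCESS_LIFETIME),
                      state.family_expires_at)  # deadline carries over

def simulate(step=60):
    """Constructed run: count refreshes until re-authorization is required."""
    state, now, refreshes = after_interactive_login("rt-0", 0), 0, 0
    while (action := next_action(state, now)) != "reauthorize":
        if action == "refresh":
            refreshes += 1
            reply = {"refresh_token": f"rt-{refreshes}", "expires_in": ACCESS_LIFETIME}
            state = apply_token_response(state, 200, reply, now)
        now += step
    return refreshes, now
```

The locally tracked deadline is only an estimate used to schedule the re-authorization; the `invalid_grant` branch covers the case where the server rejects the token earlier, for example after a revocation.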
