Reputation: 486
I have a multi-tenant Azure app that clients authorize using the authorization code flow. The access token I get from the flow has a TTL of 1 hour on average, whereas the refresh token has 90 days. I am using this access token on behalf of the users to fetch some of their resources. Can I increase the access token lifetime? I am playing around with Configure token lifetime policies (preview). However, I am not sure if this should be done by me (the Azure app tenant) or by the clients (in their tenant).
Upvotes: 1
Views: 2618
Reputation: 15674
I tried to reproduce the same in my environment and got the results below:
I created an Azure AD multi-tenant application:
I created an Azure AD token lifetime policy of 2 hours in the parent tenant (where the Azure AD app resides), and the token was generated successfully with a 2-hour lifetime:
POST https://login.microsoftonline.com/organizations/oauth2/v2.0/token
client_id:ClientID
client_secret:ClientSecret
scope:https://graph.microsoft.com/user.read
grant_type:authorization_code
redirect_uri:RedirectUri
code:code
But when I tried with a user from a different tenant, the token did not have the extended lifetime (2 hours).
After the first login to the Azure multi-tenant application by a user from the other tenant, the application is added under Enterprise Applications in that tenant, like below:
Now, I tried to add an Azure AD token lifetime policy for the other tenant, like below:
# Sign in to the tenant in which the policy should apply (here: the second, client tenant)
Connect-AzureAD
# Create a token lifetime policy with a 2-hour access token lifetime (hh:mm:ss), not as the organization default
$policy = New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"02:00:00"}}') -DisplayName "WebPolicyScenario" -IsOrganizationDefault $false -Type "TokenLifetimePolicy"
# Look up the service principal (Enterprise Application) that was created in this tenant at first sign-in
$sp = Get-AzureADServicePrincipal -Filter "DisplayName eq 'rukmt'"
# Attach the policy to that service principal
Add-AzureADServicePrincipalPolicy -Id $sp.ObjectId -RefObjectId $policy.Id
For both Azure tenants, the token lifetime policy has now been applied to the same application.
I tried to generate a token using the second tenant's user:
The token was successfully generated with a 2-hour token lifetime, like below:
If the issue still persists, check whether the policy is overridden by a policy with a higher priority.
Upvotes: 1
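A way to verify, per tenant, whether the policy actually took effect is to read the `iat` and `exp` claims of the issued access tokens and compare `exp - iat` with the policy's `AccessTokenLifetime`. The following is an added example, not code from the question or the answer above: it builds constructed, unsigned JWT-shaped tokens for two hypothetical tenants (`tenant-a`, `tenant-b`, placeholder ids) purely so it runs offline, and decodes the claims segment for inspection only, without validating the signature. The `tolerance_seconds` value is an assumption to absorb small issuance-time rounding; pick what fits your environment.

```python
import base64
import json


def _b64url(data: bytes) -> str:
    """Base64url-encode without padding, as JWT segments are."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(issued_at: int, lifetime_seconds: int, tenant_id: str) -> str:
    """Constructed sample token for testing; the signature segment is a placeholder.
    The claim names (iat, exp, tid, scp, aud) mirror those in an Azure AD access token."""
    header = {"typ": "JWT", "alg": "RS256", "kid": "placeholder-kid"}
    claims = {
        "aud": "https://graph.microsoft.com",
        "iss": f"https://sts.windows.net/{tenant_id}/",
        "iat": issued_at,
        "nbf": issued_at,
        "exp": issued_at + lifetime_seconds,
        "tid": tenant_id,
        "scp": "User.Read",
    }
    return ".".join([
        _b64url(json.dumps(header).encode()),
        _b64url(json.dumps(claims).encode()),
        "placeholder-signature",
    ])


def decode_claims(token: str) -> dict:
    """Decode the claims segment of a compact JWT for inspection only.
    This performs NO signature verification; never use it to accept a token."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def hhmmss_to_seconds(value: str) -> int:
    """Parse the policy's AccessTokenLifetime format (hh:mm:ss) into seconds."""
    hours, minutes, seconds = (int(part) for part in value.split(":"))
    return hours * 3600 + minutes * 60 + seconds


def token_lifetime_seconds(token: str) -> int:
    """Lifetime as the token itself states it: exp minus iat."""
    claims = decode_claims(token)
    return int(claims["exp"]) - int(claims["iat"])


def policy_applied(token: str, expected_hhmmss: str, tolerance_seconds: int = 300) -> bool:
    """True when the token's lifetime matches the policy within a tolerance (assumed 5 min)."""
    expected = hhmmss_to_seconds(expected_hhmmss)
    return abs(token_lifetime_seconds(token) - expected) <= tolerance_seconds


def lifetime_by_tenant(tokens: list) -> dict:
    """Map each issuing tenant (tid claim) to the observed lifetime, so a tenant that
    still has the default lifetime stands out when the policy is applied unevenly."""
    result = {}
    for token in tokens:
        claims = decode_claims(token)
        result[claims["tid"]] = int(claims["exp"]) - int(claims["iat"])
    return result


if __name__ == "__main__":
    # Constructed scenario: policy applied in tenant-a (2 h), default still in tenant-b (1 h)
    tokens = [
        make_sample_token(1_700_000_000, 7200, "tenant-a"),
        make_sample_token(1_700_000_000, 3600, "tenant-b"),
    ]
    for tid, seconds in lifetime_by_tenant(tokens).items():
        print(f"{tid}: {seconds // 60} min")
    for tok in tokens:
        print(decode_claims(tok)["tid"], "policy applied:", policy_applied(tok, "02:00:00"))
```

Run this against real tokens by replacing the constructed list with tokens obtained from each tenant; a tenant whose lifetime still reads 60 minutes is one where the policy either was not attached to that tenant's service principal or is overridden by a higher-priority policy.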