Azure Oauth - how to change token expiration time?

Question

We are using Oauth2 with Azure. And by default server returns token with an hour interval for expiration. Is there any way change expiration interval?

Answer 1

It is now possible to configure the token lifetime. You can read more here: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes.

Remark: This feature is in preview and will not go to production in this way. The following header is also placed on the documentation link I mentioned above.

After hearing from customers during the preview, we're planning to replace this functionality with a new feature in Azure Active Directory Conditional Access. Once the new feature is complete, this functionality will eventually be deprecated after a notification period. If you use the Configurable Token Lifetime policy, be prepared to switch to the new Conditional Access feature once it's available.

Original answer:

Currently there is no way to change the expiration interval. These are the current expiration times.

• Access tokens last 1 hour

• Refresh tokens last for 14 days, but

  • If you use a refresh token within those 14 days, you will receive a new one with a new validity window shifted forward of another 14 days. You can repeat this trick for up to 90 days of total validity, then you’ll have to reauthenticate
  • Refresh tokens can be invalidated at ANY time, for reasons independent from your app (e.g. user changes password). Hence you should NOT take a dependency on the above in your code – your logic should always assume that the refresh token can fail at any time
  • Refresh tokens issues for guest MSA accounts last only 12 hours

Source: http://www.cloudidentity.com/blog/2015/03/20/azure-ad-token-lifetime/ and also my own experiences.