
how do we renew idtoken using msal?

I am currently trying to develop an SPA application with a web API, and I am using MSAL for login. The flow is: the user logs in, gets an ID token (used to authorize for my API), and gets an access token (for the Graph API) using the acquireTokenSilent method. I renew the ID token right before an hour is up using acquireTokenSilent by passing the clientID in scopes. But I am still logged out after the ID token expires. I see that it doesn't get refreshed in the browser storage.

So my question is, is there any way I can renew the ID token and keep the user logged in? Any help will be great.

CKS asked Aug 15 '18 18:08


2 Answers

The expiration time for ID tokens in Azure AD is 1 hour. As long as the user session with AAD is active, the acquireTokenSilent method will be able to renew the ID tokens. However, if the AAD session is expired, the token renewal will result in a failure. You will need to handle the failure with an interactive call prompting the user to sign in again.

You can read here for ways to extend the signed-in AAD session. Also, you have the option to configure the lifetime policy for ID tokens as documented here.

Navya Canumalla answered Nov 16 '22 23:11


acquireTokenSilent(scopes: Array, authority?: string, user?: User, extraQueryParameters?: string): Promise - Used to get the token from cache. MSAL will return the cached token if it is not expired, or it will send a request to the STS to obtain an access token using a hidden iframe. To renew an idToken, the clientId should be passed as the only scope in the scopes array.

https://github.com/AzureAD/microsoft-authentication-library-for-js/wiki/Public-APIs

Any chance that when you try to refresh your token, you're actually retrieving it from the cache because it isn't expired yet?

Bart de Ruijter answered Nov 16 '22 21:11
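
Added example, not code from either answer or from MSAL.js: a sketch of the renewal flow the two answers describe, covering silent renewal with the client ID as the only scope, a check on whether the returned token is just the cached one, and the interactive fallback when the AAD session has expired. The `interactiveSignIn` callback, the `needsRenewal` helper with its 300-second margin, and the unsigned sample token are assumptions for illustration, and `acquireTokenSilent` is assumed to resolve to the token string.

```javascript
// Read `exp` (seconds since epoch) from a JWT payload without verifying it.
// Only for scheduling renewal in the SPA; the web API must still validate
// the token's signature, issuer and audience.
function idTokenExpiry(idToken) {
  const parts = String(idToken).split('.');
  if (parts.length !== 3) throw new Error('not a JWT');
  let b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  b64 += '='.repeat((4 - (b64.length % 4)) % 4);
  const json = typeof atob === 'function'
    ? atob(b64) : Buffer.from(b64, 'base64').toString('binary');
  const exp = JSON.parse(json).exp;
  if (typeof exp !== 'number') throw new Error('ID token has no exp claim');
  return exp;
}

// True when there is no token or it expires within `skewSeconds`.
function needsRenewal(idToken, nowSeconds, skewSeconds = 300) {
  return !idToken || idTokenExpiry(idToken) - nowSeconds <= skewSeconds;
}

// `client`: object exposing acquireTokenSilent(scopes), assumed to resolve to
// the token string. `interactiveSignIn`: hypothetical app callback that
// prompts the user and resolves to a new ID token.
async function renewIdToken(client, clientId, currentIdToken, interactiveSignIn) {
  let token;
  try {
    // The client ID as the only scope requests an ID token.
    token = await client.acquireTokenSilent([clientId]);
  } catch (err) {
    // Silent renewal fails once the AAD session has expired.
    return { idToken: await interactiveSignIn(), source: 'interactive' };
  }
  // An unchanged expiry means MSAL returned the still-valid cached token.
  const cached = Boolean(currentIdToken) &&
    idTokenExpiry(token) <= idTokenExpiry(currentIdToken);
  return { idToken: token, source: cached ? 'cache' : 'renewed' };
}

// Constructed, unsigned sample token for trying the functions above (Node).
function makeSampleToken(exp) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none' })}.${enc({ exp })}.sig`;
}
```

A `source` of `'cache'` on every call points to the situation raised in the second answer: the silent call is being made while the cached token is still valid.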