How to refresh an ID Token from Azure AD in a Web App?

I'm trying to set up an Azure Web App to authenticate with Azure AD and refresh the ID Token behind the scenes automatically. A great blog post helped me understand how the whole thing works: https://cgillum.tech/2016/03/07/app-service-token-store/

And this guide linked from it helped me set it up: http://cgillum.tech/2016/03/25/app-service-auth-aad-graph-api/

It seems enabling refresh tokens for Azure AD authentication isn't that simple so as recommended I used the aforementioned guide to set it up as if it were for GraphApi.

The problem I'm having is even after calling the ".auth/refresh" endpoint and then calling the ".auth/me" endpoint, the only token which is refreshed is the Access Token. That token is of no use to me since I use the Id Token when communicating with my backend server (using an "Authorization Bearer" header).

So how do I get the Id Token to refresh as well?

Niv Nahmias asked Jul 17 '16 07:07


1 Answer

Unfortunately AAD does not support refreshing the ID token. Only the access token can be refreshed. See here: https://azure.microsoft.com/en-us/documentation/articles/active-directory-protocols-oauth-code/#refreshing-the-access-tokens

But even if it could be refreshed, it's more correct to use an access token when authenticating with another service, so I suggest changing your apps to work this way. The claims on the access token and the id_token are very similar so it should not be a very disruptive change.

Chris Gillum answered Nov 03 '22 02:11
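The pattern the answer recommends, as an added example that is not code from the question, the answer or App Service itself: after `/.auth/refresh`, read `/.auth/me` and send the refreshed access token (not the id_token) to the backend. It assumes `/.auth/me` returns an array of provider entries with `provider_name`, `access_token`, `id_token` and an ISO-8601 `expires_on`, and the sample response is constructed.

```javascript
// Added example; not from the original post or answer.
// Assumed /.auth/me shape: [{ provider_name, access_token, id_token, expires_on, ... }]

const REFRESH_MARGIN_SECONDS = 300; // treat a token as stale a little before real expiry

// Pick the AAD entry from a /.auth/me response and report whether it is still usable.
function selectAadToken(meResponse, nowSeconds = Math.floor(Date.now() / 1000)) {
  const entry = meResponse.find((e) => e.provider_name === "aad");
  if (!entry || typeof entry.access_token !== "string") {
    return { ok: false, reason: "no AAD access token in /.auth/me" };
  }
  // Trim sub-millisecond fractions (e.g. ".0000000Z") that Date.parse may reject.
  const expiresOn = Math.floor(Date.parse(entry.expires_on.replace(/\.\d+Z$/, "Z")) / 1000);
  if (Number.isNaN(expiresOn)) {
    return { ok: false, reason: "unparseable expires_on" };
  }
  return {
    ok: true,
    accessToken: entry.access_token,
    expiresOn,
    needsRefresh: expiresOn - nowSeconds <= REFRESH_MARGIN_SECONDS,
  };
}

// Build the Authorization header for the backend, refreshing first if the token is near expiry.
// fetchImpl is injected (e.g. window.fetch) so the logic can be exercised without a live site.
async function getBearerHeader(fetchImpl) {
  const readMe = async () => {
    const r = await fetchImpl("/.auth/me", { credentials: "include" });
    if (!r.ok) throw new Error(`/.auth/me failed: ${r.status}`);
    return selectAadToken(await r.json());
  };
  let token = await readMe();
  if (token.ok && token.needsRefresh) {
    const r = await fetchImpl("/.auth/refresh", { credentials: "include" });
    if (!r.ok) throw new Error(`/.auth/refresh failed: ${r.status}`);
    token = await readMe(); // re-read: the refreshed access token lives in the token store
  }
  if (!token.ok) throw new Error(token.reason);
  return { Authorization: `Bearer ${token.accessToken}` };
}

// Constructed sample /.auth/me response (placeholder token strings, not real JWTs).
const SAMPLE_ME = [{
  provider_name: "aad",
  access_token: "eyJ.sample.access",
  id_token: "eyJ.sample.id",
  expires_on: "2016-07-17T08:00:00.0000000Z",
}];
```

The backend then validates the access token's signature, issuer and audience as it would for any bearer token; the id_token is left for the web app's own sign-in only.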