According to the Azure AD documentation, the Section “Request an access token” describes all the parameter keys that should be returned by Azure AD in response to access token requests via Azure v2.0 endpoint https://login.microsoftonline.com/{my_tenant}/oauth2/v2.0/token. Example of response body returned by Azure AD v2.0:
{
  "token_type": "Bearer",
  "scope": "User.Read",
  "expires_in": 3599,
  "ext_expires_in": 0,
  "access_token": "eyJ0eXAiO ...",
  "refresh_token": "OAQABAAAAAAA9kTklh ...",
  "id_token": "eyJ0eXAiOiJKV1QiLC ..."
}
The documentation does NOT mention ext_expires_in as one of the returned parameters. My questions are:
ext_expires_in describe in addition to the current expires_in key currently does?
Azure Active Directory (Azure AD) supports all OAuth 2.0 flows.
An access token contains claims that you can use in Azure Active Directory B2C (Azure AD B2C) to identify the granted permissions to your APIs. When calling a resource server, an access token must be present in the HTTP request. An access token is denoted as access_token in the responses from Azure AD B2C.
This claim is used to support resiliency. It is used to achieve uninterrupted services access even during an STS outage. The server may return the ext_expires_in value to indicate the extended lifetime of an access token. For more details you can see how ADAL uses this information: https://github.com/AzureAD/azure-activedirectory-library-for-android/issues/675
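An added example (not code from the original page, ADAL or MSAL) of a client-side cache that serves an expired token only while the token service is unreachable and the ext_expires_in window is still open. It assumes ext_expires_in counts seconds from issuance, like expires_in; StsUnavailable, TokenCache and the refresh callback are hypothetical names, and the sample response is constructed.

```python
import json
from dataclasses import dataclass

# Constructed token response; values are placeholders, not real tokens.
SAMPLE = json.dumps({"token_type": "Bearer", "expires_in": 3599,
                     "ext_expires_in": 7199, "access_token": "placeholder"})

class StsUnavailable(Exception):
    """Raised by the refresh callback when the token service cannot be reached."""

@dataclass
class CachedToken:
    access_token: str
    expires_at: float       # normal deadline (issued_at + expires_in)
    ext_expires_at: float   # outage-only deadline (issued_at + ext_expires_in)

def parse_response(body: str, issued_at: float) -> CachedToken:
    data = json.loads(body)
    expires_in = int(data["expires_in"])
    # Assumption: ext_expires_in counts from issuance, like expires_in.
    # A missing or smaller value (e.g. 0) means no extended lifetime.
    ext = max(int(data.get("ext_expires_in", 0)), expires_in)
    return CachedToken(data["access_token"], issued_at + expires_in, issued_at + ext)

class TokenCache:
    def __init__(self, token: CachedToken, refresh):
        self.token = token
        self.refresh = refresh  # hypothetical callback: now -> response body

    def get(self, now: float):
        """Return (access_token, state); state is 'fresh', 'refreshed' or 'extended'."""
        if now < self.token.expires_at:
            return self.token.access_token, "fresh"
        try:
            self.token = parse_response(self.refresh(now), now)
            return self.token.access_token, "refreshed"
        except StsUnavailable:
            # Only an outage unlocks the extended window; any other error
            # (e.g. a revoked grant) propagates to the caller.
            if now < self.token.ext_expires_at:
                return self.token.access_token, "extended"
            raise
```

Logging every "extended" result lets operators see how long clients ran on tokens past their normal expiry during an outage.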