I am experimenting with Windows Azure Active Directory. In a client (desktop) application the user enter his credentials and authenticate to access a REST service. I'm using latest version of Active Directory Authentication Library. In my scenario I want that the user insert his credentials one time, so I store the refresh Token and use it to renew the access Token by calling AcquireTokenByRefreshToken method of AuthenticationContext object. My question is : Will the refreshtoken expire? Can I use the refreshtoken days or weeks after I obtained it?
I implemented the Azure AD SSO on mobile apps and used ADAL Nuget package. I had few queries from my clients on the expiration of the refresh-token. After going back and forth with Azure Engineering team, and trying few things, here are my findings. I have documented the details in a blog post here:
Full details can be found in this blog post
Solution is here.
tokenRefreshExtensionHours
It is now configurable through App Service's Resource Manager to configure tokenRefreshExtensionHours.
"using Resource Explorer to manage your site’s auth settings, you can add a setting named “tokenRefreshExtensionHours” to {site}/config/authSettings.properties and set it to the number of hours to allow an expired token to be used for refresh. "
Thanks to cgillum.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With