Windows Azure Active Directory - expiration of refreshtoken
I am experimenting with Windows Azure Active Directory. In a client (desktop) application the user enter his credentials and authenticate to access a REST service. I'm using latest version of Active Directory Authentication Library. In my scenario I want that the user insert his credentials one time, so I store the refresh Token and use it to renew the access Token by calling AcquireTokenByRefreshToken method of AuthenticationContext object. My question is : Will the refreshtoken expire? Can I use the refreshtoken days or weeks after I obtained it?
Answer
I implemented the Azure AD SSO on mobile apps and used ADAL Nuget package. I had few queries from my clients on the expiration of the refresh-token. After going back and forth with Azure Engineering team, and trying few things, here are my findings. I have documented the details in a blog post here:
- Azure AD SSO Access-Token expires in 1 hour.
- You could use Azure AD Refresh Token to refresh your AccessToken.
- The Refresh Token expires in 72.
- Azure allows an access-token to be refreshed using the refresh-token for a maximum period of time of 90 days (from the initial date of issuing the token). This means after 90 days, Azure will authenticate the user to login again. (Cannot confirm any changes to this)
- The expiry time of the refresh token is set to 72 hours by default. This is now configurable. You can change this value as per the discussion here
Full details can be found in this blog post