When and how is a refresh token extended?

Sato 20 Reputation points
2024-05-13T03:21:56.8133333+00:00

According to https://learn.microsoft.com/en-us/entra/identity-platform/refresh-tokens, refresh tokens replace themselves with a fresh token upon every use.

I believed we could continue using a refresh token forever if we kept refreshing the access token with it, but that was not correct.

We are using the refresh token in the following steps:

  1. Our user logs in to a client app with OAuth 2.0 for Microsoft Graph. The client app obtains a refresh token A and an access token.
  2. The client app refreshes the access token with refresh token A before the access token expires. The authentication returns a new refresh token B and a new access token. Our client app keeps using refresh token A, so it stores only the new access token.
  3. The client app continues to do steps 1 and 2, and sometimes calls the Graph API with an access token, while the user continues to use our app for 90 days.
  4. When the client refreshes an access token, the API returns "AADSTS700082: The refresh token has expired due to inactivity".

Do we need to replace refresh token A with the new one (refresh token B) ourselves?


Accepted answer

Yakun Huang-MSFT 785 Reputation points Microsoft Vendor
2024-05-16T07:05:00.3066667+00:00

Hi @Sato

Yes, you need to use refresh token B to replace refresh token A, because the maximum lifetime of a refresh token is 90 days and this time cannot be modified, so if you keep using refresh token A, the token will expire after 90 days; you therefore need to use the newly obtained refresh token B to replace refresh token A. By analogy, you can obtain refresh token C and a new access token through refresh token B, and then you need to replace refresh token B with refresh token C, so that you always use the new refresh token instead of the old one to prevent errors caused by refresh token expiration.

More information about refresh tokens:

https://learn.microsoft.com/en-us/entra/identity-platform/refresh-tokens

Hope this helps.

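To make the rotation concrete, here is an added Python simulation (constructed for this page, not Microsoft's or the questioner's code) of a token endpoint that issues a new refresh token on every refresh and rejects any refresh token issued more than 90 days ago; the two client loops contrast the questioner's client, which keeps refresh token A, with one that stores refresh token B. The endpoint is a simplified model of the behaviour the question reports (A keeps working until day 90, then fails), with constructed token values and one refresh per day.

```python
"""Simplified model of refresh-token rotation with a 90-day inactivity window.
Constructed example: the endpoint, token values and daily schedule are assumptions,
not Microsoft's implementation."""

INACTIVITY_DAYS = 90  # refresh-token inactivity lifetime from the linked docs


class TokenEndpoint:
    """Issues a fresh refresh token on every use; validity of a given refresh
    token is measured from the day that token was issued, so using A does not
    extend A, it only produces a newer token B."""

    def __init__(self):
        self.issued_on = {}  # refresh token -> day it was issued
        self.next_id = 0

    def _issue(self, day):
        refresh_token = f"RT{self.next_id}"  # constructed token value
        self.next_id += 1
        self.issued_on[refresh_token] = day
        return {"access_token": f"AT-day{day}", "refresh_token": refresh_token}

    def login(self, day):
        return self._issue(day)

    def refresh(self, refresh_token, day):
        issued = self.issued_on.get(refresh_token)
        if issued is None or day - issued > INACTIVITY_DAYS:
            raise PermissionError(
                "AADSTS700082: The refresh token has expired due to inactivity")
        return self._issue(day)


def run_client(endpoint, days, keep_original):
    """Refresh once a day for `days` days. keep_original=True reproduces the
    questioner's client, which ignores the new refresh token in each response.
    Returns (last day reached, "ok" or the error message)."""
    tokens = endpoint.login(day=0)
    stored_refresh_token = tokens["refresh_token"]  # refresh token A
    for day in range(1, days + 1):
        try:
            tokens = endpoint.refresh(stored_refresh_token, day)
        except PermissionError as exc:
            return day, str(exc)
        if not keep_original:
            # Correct handling: persist refresh token B and drop A.
            stored_refresh_token = tokens["refresh_token"]
    return days, "ok"
```

In a real client, MSAL's token cache performs this replacement for you; a hand-rolled client has to persist the refresh_token from every token response, not only the access_token.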

