Refresh token

Prapinwit Sricharoenvanich 20 Reputation points
2024-12-19T02:14:41.0466667+00:00

I have a question about Refresh/Session ids. I read about refresh and access tokens and their lifetime. From what I could understand, an access token lasts 24 hours and can be refreshed from a session id which lasts for 14 days.

How does a refresh token become inactive? To explain my situation, my Microsoft account was hacked on 17 Dec 2024. I'm mainly concerned about my Minecraft account linked to the Microsoft account. My Minecraft account has a very valuable profile on a server.

All in all, I'm asking how to get a new refresh token or how a refresh token becomes inactive.

Microsoft Security Microsoft Entra Microsoft Entra ID

Accepted answer
  1. Akhilesh Vallamkonda 15,320 Reputation points Microsoft External Staff Moderator
    2024-12-19T10:23:27.78+00:00

    Hi @Prapinwit Sricharoenvanich

    Welcome to MS Q&A!

    The default lifetime for refresh tokens is 24 hours for single-page applications and 90 days for other scenarios. Each time a refresh token is used, it is replaced with a new one. The Microsoft identity platform does not revoke old refresh tokens when they are used to obtain new access tokens.
    You can revoke the refresh token in multiple ways: timeouts and revocations. Your app must handle revocations by the sign-in service by sending the user to an interactive sign-in prompt to sign in again.
    If there are significant changes to the account, such as a password reset or suspicious activity, the refresh token can be invalidated. Additionally, if the refresh token hasn't been used within its valid time frame, it is no longer valid.
    On the other hand, Entra ID refresh tokens can be revoked by a user using the AzureAD PowerShell Revoke-AzureADSignedInUserAllRefreshToken cmdlet or by an admin using the Revoke-AzureADUserAllRefreshToken cmdlet. For other instances when refresh tokens will get revoked during the device flow, take a look at the password-based and non-password-based token columns of the Token revocations table.

    For more information, please read Refresh tokens in the Microsoft identity platform.

    Hope this helps. Do let us know if you have any further queries by responding in the comments section.

    Thanks,

    Akhilesh.


    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
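
The accepted answer says each redemption returns a replacement refresh token and that an app must send the user back to interactive sign-in once the token is revoked or expired. The sketch below shows that client-side handling as an added example (not from the answer or from Microsoft's libraries). `TokenCache` and `handle_token_response` are hypothetical names, the responses are constructed samples, and the error codes are the OAuth 2.0 `invalid_grant` plus `interaction_required`.

```python
import json

# Token-endpoint errors that mean the refresh token can no longer be redeemed
# (revoked, expired, or invalidated by a password reset): re-authenticate.
REAUTH_ERRORS = {"invalid_grant", "interaction_required"}


class TokenCache:
    """Hypothetical in-memory cache; a real app would use protected storage."""

    def __init__(self, refresh_token):
        self.access_token = None
        self.refresh_token = refresh_token


def handle_token_response(cache, status, body):
    """Process one reply to a refresh_token grant.

    Returns "ok", "interactive_sign_in" or "retry_later".
    """
    try:
        data = json.loads(body)
    except ValueError:
        return "retry_later"          # not JSON: proxy page, outage, truncation
    if not isinstance(data, dict):
        return "retry_later"
    if status == 200 and "access_token" in data:
        cache.access_token = data["access_token"]
        # Rotation: keep the replacement refresh token when one is issued.
        cache.refresh_token = data.get("refresh_token", cache.refresh_token)
        return "ok"
    if data.get("error") in REAUTH_ERRORS:
        # Drop everything cached so a dead token is never retried in a loop.
        cache.access_token = None
        cache.refresh_token = None
        return "interactive_sign_in"
    return "retry_later"              # transient error: keep tokens, back off


def demo():
    """Run three constructed responses through the handler."""
    cache = TokenCache("rt-old-constructed")
    ok = '{"access_token": "at-1", "refresh_token": "rt-new-constructed"}'
    revoked = '{"error": "invalid_grant", "error_description": "constructed"}'
    results = [handle_token_response(cache, 200, ok)]
    rotated = cache.refresh_token
    results.append(handle_token_response(cache, 400, revoked))
    results.append(handle_token_response(cache, 503, "<html>busy</html>"))
    return results, rotated, cache.refresh_token
```
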

