Hi @hawthorne91
Thank you for posting this in Microsoft Q&A.
I understand your concern regarding the Refresh Token Lifetime Issue, Expiring in 1 Day Instead of 7 days.
The maximum time period before which a refresh token can be used to acquire a new access token, if your application had been granted the offline_access scope. The default is 14 days. The minimum (inclusive) is one day. The maximum (inclusive) 90 days.
I've set the Refresh Token Sliding Window Lifetime to "No expiry." Does this mean that the token will be refreshed each time it's used?
The refresh token sliding window type. Bounded indicates that the refresh token can be extended as specified in the Lifetime length (days). No expiry indicates that the refresh token sliding window lifetime never expires.
Could someone explain why the refresh token is expiring in just one day instead of the 7 days I've configured?
Single-page applications utilizing the authorization code flow with PKCE are always subject to a refresh token lifetime of 24 hours, whereas mobile, desktop, and other web applications are not constrained by this limitation.
The refresh_token_expires in one day, due to the use of the PKCE authentication flow to obtain the access token, even if the Refresh Token Sliding Window is configured.
For more information: Configure tokens in Azure Active Directory B2C
Hope this helps. Do let us know if you have any further queries.
Thanks,
Navya.
If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.