How long are delegated permissions valid for in SharePoint Indexer?

Misha Anker 41 Reputation points
2023-01-23T16:50:13.08+00:00

If I use delegated permissions in the Graph API, how long do these permissions allow me to access a SharePoint site as the data source for a cognitive search data source before I would need to renew my permissions?

Microsoft 365 and Office | SharePoint | For business | Windows
Microsoft Security | Microsoft Graph

Accepted answer
  1. RaytheonXie_MSFT 40,471 Reputation points Microsoft External Staff
    2023-01-24T06:08:24.61+00:00

    Hi @Misha Anker

    For a given tenant, the lifetime can be configured using Configurable token lifetimes in Azure Active Directory (Public Preview). This configuration is per tenant, service principal, or application. If you configure it on the application, then the policy will apply on multi-tenant applications unless superseded by a policy on the service principal or tenant level. The maximum lifetime for an access token is 24 hours (minimum is 10 minutes, default is 1 hour).

    Here is a document for more details

    Get access on behalf of a user


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.

1 additional answer

  1. Gopinath Chennamadhavuni 2,446 Reputation points
    2023-01-24T06:47:07.5066667+00:00

    Hi Misha Anker,

    Hope you are doing well.

    When you are using the Graph API to query a SharePoint site, what you are doing is obtaining an access token which contains the correct API permission to call that API to get the site information.

    The API permissions won't expire once they are granted, and we can only remove the API permission to make it "expired". So how long depends on when the access token will expire. You can see this section to learn about the access token lifetime and how to manage it. It depends on how you set the lifetime of the token and manage token generation and usage.

    After granting the delegated permissions, the permissions will remain valid until you revoke them on your own. The validity of the permission depends upon the access token, and as soon as the token expires or you make some changes to the permission, you need to generate a new access token.

    The validity of the access token varies.

    As per this table, the maximum value of AccessTokenLifetime is 1 day.

    Please refer to the documentation for more details.

    You can also refer to the refresh token. The default lifetime for refresh tokens is 24 hours for single page apps and 90 days for all other scenarios. So, if you want to get a refresh token, the only way is to use the auth code flow or the ROPC flow.

    Please go through this relevant documentation also.
    Configurable token lifetimes in the Microsoft identity platform (preview)
    Configure token lifetime policies (preview)

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote. If you have any further questions about this answer, please click Comment.

    1 person found this answer helpful.
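
The renewal logic both answers describe, as an added example (not part of either answer and not Microsoft code): it tracks access token and refresh token expiry from a token response and decides whether a caller can keep going, renew silently, or must sign in again. The lifetimes are the figures quoted in the answers; the function names, the 5-minute safety margin, and treating refresh token expiry as fixed from issue time are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Lifetimes quoted in the answers above (not queried from any tenant).
ACCESS_MIN = timedelta(minutes=10)
ACCESS_MAX = timedelta(hours=24)
REFRESH_LIFETIME = {"spa": timedelta(hours=24), "other": timedelta(days=90)}
SKEW = timedelta(minutes=5)  # assumed safety margin before expiry

@dataclass
class TokenState:
    access_expires: datetime
    refresh_expires: Optional[datetime]  # None when no refresh token was issued

def from_token_response(resp: dict, issued_at: datetime,
                        client_kind: str = "other") -> TokenState:
    """Build expiry state from an OAuth 2.0 token response (RFC 6749 fields)."""
    lifetime = timedelta(seconds=int(resp["expires_in"]))
    if not ACCESS_MIN <= lifetime <= ACCESS_MAX:
        raise ValueError(f"access token lifetime {lifetime} outside 10 min..24 h")
    refresh_expires = None
    if resp.get("refresh_token"):
        refresh_expires = issued_at + REFRESH_LIFETIME[client_kind]
    return TokenState(issued_at + lifetime, refresh_expires)

def next_action(state: TokenState, now: datetime) -> str:
    """Decide what the caller must do before its next Graph request."""
    if now < state.access_expires - SKEW:
        return "use_access_token"
    if state.refresh_expires is not None and now < state.refresh_expires:
        return "redeem_refresh_token"  # silent renewal; the permission grant is untouched
    return "interactive_sign_in"       # the user has to authenticate again

# Constructed sample response; the token values are placeholders, not real tokens.
SAMPLE = {"token_type": "Bearer", "expires_in": 3600,
          "access_token": "<access-token>", "refresh_token": "<refresh-token>"}

if __name__ == "__main__":
    t0 = datetime(2023, 1, 24, 6, 0, tzinfo=timezone.utc)
    state = from_token_response(SAMPLE, t0)
    for offset in (timedelta(minutes=30), timedelta(hours=2), timedelta(days=91)):
        print(offset, "->", next_action(state, t0 + offset))
```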
