Will application migration from ADAL to MSAL require users to re-authorize?

Question

Hi all - we have been authorizing users against their Azure Active Directory for access and reading of directory data. Once authorized, we configure a custom control on our end for configuring Azure Conditional Access. This has been done for some time using ADAL and the v1 endpoint (https://login.microsoftonline.com/common/oauth2/authorize). We intend to do the work to migrate our code to use MSAL and the v2 endpoint (https://login.microsoftonline.com/common/oauth2/authorize).

Once that code is updated, will the users who have previously authorized our application via v1 need to re-authorize for v2, or will their original authorization grant continue to work?

This question is a follow-up to https://learn.microsoft.com/en-us/answers/questions/1062083/do-we-need-to-reauthorize-against-the-oauth-v2-api.html.

Answer 1

Hello @Matt Pollak ,

Thanks for posting your query on Microsoft Q&A. As per https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow. It depends on the life of "Refresh Token" for refresh tokens sent to a redirect URI registered as spa, the refresh token expires after 24 hours. Additional refresh tokens acquired using the initial refresh token carries over that expiration time, so apps must be prepared to re-run the authorization code flow using an interactive authentication to get a new refresh token every 24 hours.

However once application has been migrated from ADAL to MSAL it will redirect the user to v2 endpoint for authorization as refresh token from v1.0 would not be able to get new access token from v2.0 /token endpoint.

Please do let me know if you have any further queries.

Thanks,
Akshay Kaushik

Please "Accept the answer" and "Upvote" if the suggestion works as per your business need. This will help us and others in the community as well