Extend Token expiration

Nandan Hegde 32,911 Reputation points MVP
2022-11-21T12:44:04.493+00:00

I am using: az account get-access-token
https://learn.microsoft.com/en-us/azure/healthcare-apis/get-access-token?tabs=azure-cli

Is it possible to have the expiration of the token be, let's say, 6 months, similar to a PAT?

Accepted answer
  1. Cristian SPIRIDON 4,481 Reputation points
    2022-11-21T13:19:16.61+00:00

    Hi,

    For access tokens the configurable time is between 60 and 90 min but the refresh token can be configured for up to 90 days.
    You can use the refresh token to obtain a new access token.

    https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes

    Hope this helps

2 additional answers

  1. 2022-11-22T20:47:08.767+00:00

    Hello @Nandan Hegde and thanks for reaching out. Azure AD access token expiration cannot be set to 6 months. As stated by @Cristian SPIRIDON, it's set by default to something between 60 and 90 min. The default lifetime also varies depending on the client application requesting the token or if conditional access is enabled in the tenant. Currently, Exchange, Teams, and SharePoint Online can benefit from Continuous Access Evaluation (CAE), where long-lived token expiration ranges from 20 to 28 hours.

    On the other hand, Azure AD refresh tokens live up to 90 days. You can obtain a new access token without re-entering credentials a second time during the lifetime of a refresh token using the MSAL.PS Get-MsalToken cmdlet (Samples here) with the -Silent parameter:

       Get-MsalToken -Silent # Other params  
    

    Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.

    1 person found this answer helpful.
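
Added example, not part of the thread or of any poster's answer: because the access token from az account get-access-token cannot be made long-lived, a long-running PowerShell script can cache it and request a new one shortly before it expires. The function names are hypothetical, and the code assumes the Azure CLI is installed and signed in and that its JSON output carries the accessToken and expiresOn (local time) fields.

```powershell
# Added example (not from the thread). Function and parameter names are hypothetical.
# Assumes 'az login' has been run and that the CLI's JSON output contains
# 'accessToken' and 'expiresOn' (a local-time timestamp).
$script:AzTokenCache = @{}

function Test-AzTokenFresh {
    # True while the cached entry stays valid for longer than the safety margin.
    param($Entry, [int] $MarginMinutes = 5, [datetime] $Now = (Get-Date))
    return ($null -ne $Entry) -and ($Entry.ExpiresOn -gt $Now.AddMinutes($MarginMinutes))
}

function Get-CachedAzAccessToken {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Resource,
        [int] $MarginMinutes = 5
    )
    $entry = $script:AzTokenCache[$Resource]
    if (Test-AzTokenFresh -Entry $entry -MarginMinutes $MarginMinutes) {
        return $entry.AccessToken
    }

    # Token is missing or close to expiry: ask the CLI for a new one. This relies
    # on the sign-in cached by 'az login', so there is no interactive prompt.
    $raw = az account get-access-token --resource $Resource --output json
    if ($LASTEXITCODE -ne 0) {
        throw "az account get-access-token failed (exit $LASTEXITCODE). Run 'az login' again."
    }
    $token = ($raw | Out-String) | ConvertFrom-Json
    $entry = [pscustomobject]@{
        AccessToken = $token.accessToken
        ExpiresOn   = [datetime]::Parse($token.expiresOn, [cultureinfo]::InvariantCulture)
    }
    $script:AzTokenCache[$Resource] = $entry
    return $entry.AccessToken
}

# Usage in a long-running script: call before every request instead of storing
# the token once. '<resource URL>' is a placeholder.
# $headers = @{ Authorization = "Bearer $(Get-CachedAzAccessToken -Resource '<resource URL>')" }
```

The token is held only in memory for the lifetime of the script, so nothing long-lived is written to disk.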

  2. Amit Singh 4,986 Reputation points
    2022-11-22T10:40:58.78+00:00

    Each PAT has an expiration date; the default period is 30 days, and the maximum is one year.
    If the PAT created at the beginning is 90 days, when it expires, you can change it to 180 days or 1 year. But if you start in 1 year and expire soon after one year, you can only add one more token.

    Also, you can check this thread for help - https://improveandrepeat.com/2020/11/how-to-extend-a-personal-access-token-for-azure-devops/
