Extend Token expiration

Question

I am using : az account get-access-token
https://learn.microsoft.com/en-us/azure/healthcare-apis/get-access-token?tabs=azure-cli

Is it possible to have the expiration of the token for lets say 6 months similar to PAT?

Answer 1

Hi,

For access tokens the configurable time is between 60 and 90 min but the refresh token can be configured for up to 90 days.
You can use the refresh token to obtain a new access token.

https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes

Hope this helps

Answer 2

Hello @Nandan Hegde and thanks for reaching out. Azure AD access tokens expiration cannot be set to 6 months. As stated by @Cristian SPIRIDON , it's set by default to something between 60 and 90 min. The default lifetime also varies depending on the client application requesting the token or if conditional access is enabled in the tenant. Currently, Exchange, Teams, and SharePoint Online can benefit from Continuous Access Evaluation (CAE) where long lived token expiration ranges from 20 to 28 hours.

On the other hand, Azure AD refresh tokens live up to 90 days. You can use obtain a new access token without re-entering credentials a seconding during the lifetime of a refresh token using the MSAL.PS Get-MsalToken cmdlet (Samples here) with the -Silent parameter:

   Get-MsalToken -Silent # Other params  

Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.

Answer 3

Each PAT has an expired date, the default period is 30 days, and the maximum is one year.
If the PAT created at the beginning is 90 days, when it expires, you can change it to 180 days or 1 year. But if you start in 1 year and expire soon after one year, you can only add one more token.

Also, you can check this thread for help - https://improveandrepeat.com/2020/11/how-to-extend-a-personal-access-token-for-azure-devops/