Issue with bookmarking expired URLs and refreshing access tokens

Adam-1803 0 Reputation points
2023-10-25T12:29:41.61+00:00

Hello,

I've encountered an issue when using AzureAD - Some of which isn't entirely an issue as it is intended behaviour, but it's handling this intended behaviour which is proving troublesome.

Right now I have URL expiry set, but when these URLs are bookmarked it rightly provides an error message to the end user - I'm aware this should be happening, but I'm unsure as to how to alter this behaviour.
I don't expect that a fresh URL could be generated, but more so a more intuitive means of handling than an Oauth2 error page.
Would there be any way around this?

I'm also using MFA (email authentication) which uses an IDP that doesn't issue refresh tokens and seemingly, the access token never interacts with the codebase either. My issue here is that when a session is left active for longer than the access tokens lifespan, the page becomes unresponsive and only returns to intended functionality following on from the user refreshing the webpage.
In the ideal situation, I'd use the refresh token to refresh the access token and prolong the users access, but I'm unable to do so here and I'm unsure as to what can be done to resolve this issue.

If any advice or guidance could be provided for the above issues, I'd be very grateful.

Thanks in advance!
Adam.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,189 questions
{count} votes