Refresh Token API or KMSI-Redirect to /authorise

Komal Singh 0 Reputation points
2024-01-03T12:19:11.3933333+00:00

In the context of an E-Commerce end-user experience with Keep Me Signed In (KMSI) enabled:

  1. What is the relationship between KMSI and the Refresh Token API?
  2. Should I use the Refresh Token API or implement a silent login? Does silent login redirect to Azure AD B2C? What is the recommended approach for a seamless e-commerce experience?
  3. If KMSI expires, what should be the strategy? Should I still call the Refresh Token API? Will it result in an error, or can I refresh the token even after KMSI expiration?

I'm feeling a bit confused about the proper implementation. Should I rely on the Refresh Token API or continue with the redirect to the ADB2C/authorize call?

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

James Hamil 27,221 Reputation points Microsoft Employee Moderator
2024-01-03T17:16:45.73+00:00

Hi @Komal Singh,

1. The relationship between KMSI and the Refresh Token API is that they both allow users to remain signed in to your application. KMSI enables users to remain signed in even after they close the browser, while the Refresh Token API allows users to obtain a new access token and refresh token pair after the current access token has expired.
2. For a seamless e-commerce experience, it is recommended to use KMSI and implement a silent login using the Refresh Token API. Silent login does not redirect to Azure AD B2C, but instead uses the Refresh Token API to obtain a new access token and refresh token pair without prompting the user to enter their credentials. This approach provides a seamless experience for the user and allows them to remain signed in to the application even after the access token has expired.
3. If KMSI expires, the recommended strategy is to call the Refresh Token API to obtain a new access token and refresh token pair. This will allow the user to remain signed in to the application without being prompted to enter their credentials again. Calling the Refresh Token API after KMSI expiration will not result in an error, and you can refresh the token even after KMSI expiration.

For a seamless e-commerce experience, it is recommended to use KMSI and implement a silent login using the Refresh Token API. If KMSI expires, you should call the Refresh Token API to obtain a new access token and refresh token pair. More info here.

Please let me know if you have any questions and I can help you further.

If this answer helps you please mark "Accept Answer" so other users can reference it.

Thank you,

James
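As an added example (not code from the question or the answer above), here is a client-side token-handling policy for an Azure AD B2C single-page app that follows the answer's advice: reuse a still-valid access token, renew silently through the token endpoint's refresh_token grant, and fall back to a browser redirect to /authorize only when the refresh itself is rejected. The tenant name, user-flow (policy) name, client id, scope and redirect URI are placeholders; the endpoint paths are the B2C OAuth 2.0 v2.0 paths.

```javascript
const B2C = {
  tenant: "contoso",                                // placeholder tenant name
  policy: "B2C_1_signupsignin",                     // placeholder user-flow name
  clientId: "00000000-0000-0000-0000-000000000000", // placeholder app registration id
  scope: "openid offline_access https://contoso.onmicrosoft.com/api/read", // placeholder
  redirectUri: "https://shop.example/auth/callback", // placeholder
};
const BASE = `https://${B2C.tenant}.b2clogin.com/${B2C.tenant}.onmicrosoft.com/${B2C.policy}/oauth2/v2.0`;
const SKEW_MS = 60 * 1000; // refresh a minute early so no request carries a just-expired token

// Interactive fallback: send the browser to /authorize (PKCE parameters omitted for brevity).
function authorizeUrl(state) {
  const q = new URLSearchParams({
    client_id: B2C.clientId, response_type: "code", redirect_uri: B2C.redirectUri,
    scope: B2C.scope, state,
  });
  return `${BASE}/authorize?${q}`;
}

// Decide the client's next step. Pure (no I/O) so the policy can be unit-tested.
function planTokenAction(session, nowMs) {
  if (session.accessToken && session.expiresAtMs - SKEW_MS > nowMs) {
    return { action: "reuse", accessToken: session.accessToken };
  }
  if (session.refreshToken) {
    // Silent renewal: POST to the token endpoint with grant_type=refresh_token.
    const body = new URLSearchParams({
      grant_type: "refresh_token", client_id: B2C.clientId,
      scope: B2C.scope, refresh_token: session.refreshToken,
    });
    return { action: "refresh", url: `${BASE}/token`, body: body.toString() };
  }
  return { action: "redirect", url: authorizeUrl("no-session") };
}

// Fold the token endpoint's reply into the session. HTTP 200 carries the new
// access/refresh token pair; anything else (e.g. invalid_grant for a revoked or
// expired refresh token) ends the silent path and the user goes through /authorize.
function applyTokenResponse(session, status, payload, nowMs) {
  if (status === 200 && payload.access_token) {
    const renewed = {
      accessToken: payload.access_token,
      refreshToken: payload.refresh_token || session.refreshToken, // keep the old one if none is returned
      expiresAtMs: nowMs + Number(payload.expires_in) * 1000,
    };
    return { action: "refreshed", session: renewed };
  }
  return { action: "redirect", error: payload.error || `http_${status}`, url: authorizeUrl("refresh-failed") };
}
```

The caller performs the POST described by the "refresh" plan, passes the status and parsed JSON to applyTokenResponse, and navigates to the returned URL whenever the action is "redirect".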

