Change device authorization token expiration time in AKS AD RBAC authentication

Question

We have setup AKS with Azure AD authentication with Kubernetes RBAC type. After spinning, kubectl command asked for device login only for the first time via this url https://microsoft.com/devicelogin.

But, it's been many months it is not asking this anymore. Is there any way to change the expiration interval of the token so that after every 1 day kubectl command will ask users to authorize their devices again.

Answer 1

Hello Tanul, Welcome to Microsoft Q&A , thankyou for posting your query here. 1.Azure AD has a setting called Token Lifetime policies. You can configure token lifetimes in the Azure portal. Go to the Azure portal. In "Azure Active Directory" > "Security" > "Authentication methods" > "Authentication methods blade" > "Token Lifetime Policies". you can configure the lifetime of access tokens, refresh tokens, and ID tokens. It may impact other applications so be cautious while adjusting these values. 2.you can use the --device-code-validity flag with the az aks get-credentials command. This flag specifies the duration (in seconds) for which the device code is valid. This will generate a new device code and ask the user to authenticate their device again after 24 hours. az aks get-credentials --resource-group <resource-group-name> --name <cluster-name> --device-code --device-code-validity 8640 Hope this helps you. Please accept the answer if it is helpful else post your error/query here give more detailed answer thankyou.