In our refreshToken function, we are not passing any thing related to this user. I am confused how MSAL gets refresh tokens for this user and not any other?
MSAL handles refresh tokens internally. When you acquire an access token using acquireTokenByCode
method, MSAL also receives a refresh token tied to the user's session. This refresh token is stored in the token cache and is user-specific. MSAL uses this token to request new access tokens when needed without requiring the user to re-authenticate.
"access token can only be refreshed for a maximum period of 90 days", I read this on many places while researching. Does user needs to login every 90 days?
The refresh token received by MSAL can be used to obtain new access tokens for up to 90 days, provided the user remains active. If the user is inactive for a certain period (usually 14 days), the refresh token may become invalid, and the user would need to re-authenticate to obtain a new refresh token.
Can we get new refresh token without need of user to login again?
MSAL automatically tries to renew the access token using the refresh token when you call acquireTokenSilent
method. If the refresh token is close to expiration, MSAL will also try to get a new refresh token during this process. This is done silently without user interaction, as long as the current refresh token is still valid.
How do we know if access token is expired or not? Do we need to call profile (or any other) API for to check expiration of access token?
Access tokens typically have a short lifespan, usually around 1 hour. MSAL provides the acquireTokenSilent
method, which checks the expiration of the access token and attempts to renew it using the refresh token if it's expired or about to expire. You don't need to manually check the expiration, MSAL handles this for you.
Remember that while MSAL abstracts much of the token management process, it's always good practice to handle exceptions where a silent token acquisition might fail, prompting the user to re-authenticate if necessary.
Hope this helps.
If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.