How to extend the lifetime of RefreshToken

Dharmaraj Kurle 20 Reputation points
2024-12-16T13:41:36.37+00:00

Hello Team,

We are an application provider where the Org Admin gives delegate access/permissions to the application to send email on behalf of the user.

But the AccessToken & RefreshToken received from Microsoft are short-lived.

My requirement is to save the refresh token & use it in a background job to send the Phishing email to the users for an extended period of time, i.e. 6 to 12 months. Otherwise the background job will fail & Org Admins will have to provide consent on a regular basis.

Please advise on how to extend the lifetime of the RefreshToken.

Thanks in advance

Microsoft Entra ID

1 answer

  1. Navya 14,655 Reputation points Microsoft Vendor
    2024-12-16T18:23:37.72+00:00

    Hi @Dharmaraj Kurle

    Thank you for posting this in Microsoft Q&A.

    I understand that you are asking how to extend the lifetime of a refresh token so that you can use it in a background job to send phishing emails to users for an extended period of time without requiring the Org Admin to provide consent on a regular basis.

    By default, the access token lifetime is 60 minutes, and refresh tokens have a longer lifetime than access tokens. The default lifetime for refresh tokens is 24 hours for single page apps and 90 days for all other scenarios.

    As of January 30, 2021, you cannot configure refresh and session token lifetimes. Unfortunately, you cannot extend the period of a refresh token to 6 to 12 months. Refresh tokens replace themselves with a fresh token upon every use, but they can be revoked at any time due to timeouts, revocations, or other reasons. Therefore, in order to handle this, your application must be prepared to rerun the authorization code flow using an interactive authentication to get a new refresh token.

    For your reference: https://learn.microsoft.com/en-us/entra/identity-platform/refresh-tokens

    You can configure sign-in frequency in Conditional Access to define the time periods before a user is required to sign in again. For more information, see Configuring authentication session management with Conditional Access.

    Hope this helps. Do let us know if you have any further queries.

    Thanks,

    Navya.


    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
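
The handling the answer describes (store the replacement refresh token on every use, and fall back to interactive sign-in once the token is expired or revoked), as an added example that is not part of the original answer or Microsoft's code. It assumes a confidential client with a client secret; `store`, `cfg`, `ReauthRequired` and `get_access_token` are hypothetical names, and `store` stands in for whatever encrypted secret storage the application uses.

```python
import json
from urllib import error, parse, request

# Microsoft identity platform v2.0 token endpoint; tenant is filled in per customer.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"


class ReauthRequired(Exception):
    """Refresh token expired or revoked: rerun the interactive authorization code flow."""


def http_post(url, form):
    """Default transport: POST a form body, return (HTTP status, parsed JSON)."""
    req = request.Request(url, data=parse.urlencode(form).encode())
    try:
        with request.urlopen(req, timeout=30) as resp:
            return resp.status, json.load(resp)
    except error.HTTPError as exc:
        return exc.code, json.load(exc)  # OAuth errors arrive as JSON in a 4xx body


def get_access_token(store, cfg, post=http_post):
    """Redeem the stored refresh token and persist the token that replaces it.

    store: dict-like secret storage holding "refresh_token" (hypothetical)
    cfg:   tenant, client_id, client_secret, scope (placeholders supplied by caller)
    post:  injectable transport so the logic can be exercised offline
    """
    status, body = post(TOKEN_URL.format(tenant=cfg["tenant"]), {
        "grant_type": "refresh_token",
        "client_id": cfg["client_id"],
        "client_secret": cfg["client_secret"],
        "scope": cfg["scope"],
        "refresh_token": store["refresh_token"],
    })
    if status == 200:
        # Refresh tokens replace themselves on use: save the new one
        # before the access token is handed to the job.
        if "refresh_token" in body:
            store["refresh_token"] = body["refresh_token"]
        return body["access_token"]
    if body.get("error") in ("invalid_grant", "interaction_required"):
        # Expired or revoked. Retrying cannot succeed, so discard the dead
        # token and flag the account for an interactive sign-in.
        store.pop("refresh_token", None)
        store["needs_reauth"] = True
        raise ReauthRequired(body.get("error_description", body["error"]))
    # Anything else (throttling, outage) is transient: keep the token, let the job retry.
    raise RuntimeError(f"token endpoint returned {status}: {body.get('error')}")
```

A background job would catch `ReauthRequired`, pause sending for that account, and notify the admin to sign in again rather than retrying with the dead token.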
