Early expiration of OAuth2 access token in Azure

Felipe Cassimiro 0 Reputation points
2025-02-01T04:42:55.5966667+00:00

Hello,

I read a reply from a Microsoft employee stating that refresh tokens in Azure generally have a validity of 90 days, as long as they are used regularly. However, I am facing a case in which the token is being revoked before that period, sometimes in as little as 15 days.

I would like to better understand the possible reasons for this early expiration. Are there specific policies that can reduce the token's validity? Could it be related to security settings or to the type of application used?

Thanks in advance for the support.

Microsoft Entra ID

1 answer

  1. David Broggy 6,101 Reputation points MVP
    2025-02-01T21:24:22.6566667+00:00

    Hi Felipe,

    Here is a list of items which can cause token refresh:

    1. Conditional Access Policies:
      • Implementing Conditional Access policies can influence token lifetimes. For instance, setting specific sign-in frequencies can require users to reauthenticate more often, affecting refresh token validity. learn.microsoft.com
    2. Security Defaults and Multi-Factor Authentication (MFA):
      • Enabling security defaults or configuring MFA can impact token lifetimes. Settings like "remember multi-factor authentication on trusted devices" might cause tokens to expire sooner. learn.microsoft.com
    3. Application Type:
      • Single-page applications (SPAs) have refresh tokens with a shorter lifespan, typically expiring after 24 hours, to enhance security. learn.microsoft.com
    4. Session Management Settings:
      • Configuring session management settings, such as setting the signInSessionsValidFromDateTime property for a user, can invalidate existing refresh tokens, requiring users to sign in again. learn.microsoft.com
    5. Token Lifetime Policies:
      • While not all aspects are configurable, certain token lifetime settings can be adjusted in Azure AD B2C to control how long tokens remain valid. learn.microsoft.com

    Hope that helps.
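
Added example, not part of the answer above and not Microsoft's code: when a refresh attempt is rejected, the token endpoint's JSON error response carries an AADSTS code that usually shows which of the listed causes applied. The mapping table and the sample response below are constructed for illustration; the code meanings paraphrase Microsoft's public error-code reference, and the function name is hypothetical.

```python
import json
import re

# AADSTS codes that explain a rejected refresh token, keyed to the causes
# listed in the answer. Wording paraphrases Microsoft's error-code reference.
CAUSES = {
    70043:  ("conditional_access", "sign-in frequency check by Conditional Access"),
    50076:  ("mfa", "MFA now required by policy or configuration change"),
    50078:  ("mfa", "previous MFA claim expired under admin policy"),
    700084: ("spa", "token issued to a single-page app, fixed limited lifetime"),
    50173:  ("revoked", "grant revoked by a user or admin; fresh sign-in needed"),
    700082: ("inactivity", "refresh token expired due to inactivity"),
}

def classify_refresh_failure(body: str) -> dict:
    """Explain a token-endpoint error response returned for a refresh_token grant."""
    resp = json.loads(body)
    # Prefer the structured error_codes array; fall back to the AADSTS
    # prefix embedded in error_description.
    codes = [int(c) for c in resp.get("error_codes", [])]
    if not codes:
        codes = [int(m) for m in re.findall(r"AADSTS(\d+)", resp.get("error_description", ""))]
    findings = [
        {"code": c, "cause": CAUSES[c][0], "detail": CAUSES[c][1]}
        for c in codes if c in CAUSES
    ]
    return {
        "error": resp.get("error"),
        # invalid_grant / interaction_required mean the refresh token cannot be
        # redeemed silently and the user must sign in again.
        "reauth_required": resp.get("error") in ("invalid_grant", "interaction_required"),
        "findings": findings,
        "unmapped_codes": [c for c in codes if c not in CAUSES],
        "correlation_id": resp.get("correlation_id"),  # quote this to support
    }

# Constructed sample response (values invented for illustration).
SAMPLE = json.dumps({
    "error": "invalid_grant",
    "error_description": "AADSTS70043: The refresh token has expired or is invalid "
                         "due to sign-in frequency checks by Conditional Access.",
    "error_codes": [70043],
    "correlation_id": "00000000-0000-0000-0000-000000000000",
})

if __name__ == "__main__":
    print(json.dumps(classify_refresh_failure(SAMPLE), indent=2))
```

Logging the classified cause together with the token's age at failure shows whether the 15-day cutoffs line up with a policy change, a revocation or a period of inactivity.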
