This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 96%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGG%3C/text%3E%3C/svg%3E)
Hi,
We're encountering issues while trying to set a 24-hour access token lifetime ("23:59:59") for a specific app using client credentials flow with the /oauth2/v2.0/token endpoint.
The TokenLifetimePolicy is created and assigned to the service principal.
It shows as assigned, but the token lifetime remains 1 hour.
"isOrganizationDefault": true, it works — but applies to all apps in the tenant, which is a security concern because it overrides the token lifetime for all applications within the tenant, rather than being scoped to a specific app. Is this a limitation we’re encountering, or is there something we’re missing?
Reference: https://learn.microsoft.com/en-us/graph/api/resources/tokenlifetimepolicy?view=graph-rest-1.0 https://learn.microsoft.com/en-us/graph/api/application-post-tokenlifetimepolicies?view=graph-rest-1.0&tabs=javascript
Thanks
Have you tried setting for a specific app following this?
https://learn.microsoft.com/en-us/entra/identity-platform/configure-token-lifetimes
Note that it is preview
Thank you for your assistance. However, the issue still persists. We had already been using the same approach previously. The policy is being assigned successfully using both the App Registration's object ID as well as Service Principal's object ID, but the token validity remains at 1 hour.
The only scenario in which the policy seems to take effect is when it is applied at the tenant level with "isOrganizationDefault": true.
Is there any additional setting that needs to be explicitly enabled for App Registrations, or could this be a potential bug?
Well, keep in mind, its in preview so that may be part of the issue here if its not working as expected.
Can you please confirm this issue from development team, that would be great, also if there is anything that can help us, please do let me know.
Does this help clarify things a bit?