ADFS 3.0 OAuth refresh token expiration

Laszlo Penzes 1 Reputation point


I'm struggling with a problem at one of my customers. An external web application is querying a RESTful service which is secured by ADFS 3.0 (Windows Server 2012 R2).

I configured a Relying Party Trust and created a client application with a redirect uri.

  • User initiates logon within external web app (Cyclr integration tool)
  • On ADFS login dialog, types email/password and ticks "keep me signed in"
  • External web app receives authorization code
  • Using the auth code, gets a set of OAuth tokens (access and refresh token)
  • When access token expires, gets a new access token by using refresh token
  • When refresh token is about to expire, external web app should get a new refresh token as well, but it doesn't

I found documentation regarding ADFS 4.0 (Windows Server 2016) only:

According to it, a refresh_token_expires_in parameter should be received and the client (in this case the external web app) can get a new refresh token when the old one is about to expire. Now we don't receive any such parameter and can't get a new refresh token.

Is there a way to convince ADFS 3.0 to work as expected?

Thank you,
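The token handling described in the question, as an added example that is not part of the original post nor code from Cyclr or ADFS: a small client-side helper that parses a token endpoint response, turns the lifetimes into absolute expiry times, keeps the old refresh token when a refresh response carries no new one (the ADFS 3.0 behaviour the post reports), falls back to a locally configured lifetime when `refresh_token_expires_in` is absent, and decides whether to reuse the access token, refresh it, or send the user back through interactive login. The field names `access_token`, `expires_in` and `refresh_token` are the standard OAuth 2.0 (RFC 6749) names; `refresh_token_expires_in` is the ADFS 2016 parameter named in the post; all response bodies and timestamps below are constructed sample data, not ADFS defaults.

```python
"""Client-side expiry bookkeeping for OAuth 2.0 tokens issued by ADFS.

Added example; not code from the original post, Cyclr or ADFS. Field names
follow RFC 6749 (access_token, expires_in, refresh_token); the
refresh_token_expires_in field is the ADFS 2016 parameter named in the post.
"""
from dataclasses import dataclass
from typing import Optional

# Safety margin (seconds) for clock skew before treating a token as expired.
EXPIRY_SKEW = 60.0


@dataclass
class TokenSet:
    access_token: str
    refresh_token: Optional[str]
    access_expires_at: float             # absolute epoch seconds
    refresh_expires_at: Optional[float]  # None if the server never said


def parse_token_response(resp: dict, now: float,
                         previous: Optional[TokenSet] = None,
                         assumed_refresh_lifetime: Optional[float] = None) -> TokenSet:
    """Turn a token endpoint JSON body into absolute expiry times.

    previous: the token set held before this call, used for refresh responses
    that carry no new refresh token (as the post reports for ADFS 3.0).
    assumed_refresh_lifetime: locally configured guess (seconds), used only when
    a refresh token arrives without refresh_token_expires_in.
    """
    if "access_token" not in resp or "expires_in" not in resp:
        raise ValueError("token response lacks access_token/expires_in")
    access_expires_at = now + float(resp["expires_in"])

    new_refresh = resp.get("refresh_token")
    if new_refresh is not None:
        refresh_token = new_refresh
        if "refresh_token_expires_in" in resp:
            refresh_expires_at = now + float(resp["refresh_token_expires_in"])
        elif assumed_refresh_lifetime is not None:
            refresh_expires_at = now + assumed_refresh_lifetime
        else:
            refresh_expires_at = None  # unknown; cannot plan ahead
    elif previous is not None:
        # Server did not rotate the refresh token: keep the old one and its clock.
        refresh_token = previous.refresh_token
        refresh_expires_at = previous.refresh_expires_at
    else:
        refresh_token = None
        refresh_expires_at = None

    return TokenSet(resp["access_token"], refresh_token,
                    access_expires_at, refresh_expires_at)


def refresh_token_rotated(previous: TokenSet, current: TokenSet) -> bool:
    """True when the latest response delivered a different refresh token."""
    return (current.refresh_token is not None
            and current.refresh_token != previous.refresh_token)


def next_action(ts: TokenSet, now: float, skew: float = EXPIRY_SKEW) -> str:
    """Decide what the client should do before its next API call.

    Returns 'use' (access token still valid), 'refresh' (call the token
    endpoint with grant_type=refresh_token), or 'reauthenticate' (the refresh
    token is missing or about to expire, so send the user back to login).
    """
    if now + skew < ts.access_expires_at:
        return "use"
    if ts.refresh_token is None:
        return "reauthenticate"
    if ts.refresh_expires_at is not None and now + skew >= ts.refresh_expires_at:
        return "reauthenticate"
    return "refresh"


if __name__ == "__main__":
    # Constructed sample body; values are illustrative, not ADFS defaults.
    initial = {"access_token": "at1", "token_type": "bearer", "expires_in": 3600,
               "refresh_token": "rt1", "refresh_token_expires_in": 28800}
    ts = parse_token_response(initial, now=1000.0)
    print(next_action(ts, 1000.0), next_action(ts, 4600.0), next_action(ts, 29800.0))
```

When the server never reports a refresh token lifetime and no local assumption is configured, `next_action` keeps returning `refresh` until the token endpoint rejects the refresh token; the caller should treat that rejection as the `reauthenticate` case rather than retrying, which is why tracking `refresh_expires_at` explicitly (or configuring an assumed lifetime matching the server's policy) gives a cleaner user experience.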
