MSAL-browser refresh token

manish kiranagi 1 Reputation point
2021-03-31T17:39:47.85+00:00

In MSAL browser, acquireTokenSilent gets a refresh token on every call to the token endpoint. The first refresh token has a duration of 1 day. Subsequent refresh tokens all have reduced (the remaining) expiry time. After the refresh token eventually expires, if an AD session exists then the authorisation code is returned in an iframe before making the token call. If this silent retrieval of the auth code fails, we have to use an interactive method call.

Now the AD session typically lasts a day. So are we saying that the user will always be forced to do an interactive login after a day because the refresh token has expired and the AD session has expired?

Or does the AD session roll on for each token call, so that the expired refresh token can come silently through the iframe call mentioned above?

I need the user to be able to access the token without login if he has been making the token calls without a break of a day. Would that be possible using msal-browser refresh tokens? MSAL.js does seem to roll on the AD session after every authorisation endpoint call via acquireTokenSilent - so it doesn't have a problem. But I can't use it, as Safari blocks 3rd-party cookies, requiring an interactive call every hour - which is essentially a refresh of the app.

Microsoft Entra ID
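The refresh-token lifetime rule described in the question, as an added model that is not part of the original post and is not MSAL code: it simulates a user requesting a token at a fixed interval and records which path satisfies each request. All function names are hypothetical, and whether the hidden-iframe request succeeds is passed in as an assumption (`iframeSsoWorks`), because the page does not settle how long the session lasts.

```javascript
// Added model, not MSAL code. All names are hypothetical.
const RT_LIFETIME_H = 24; // SPA refresh-token lifetime stated in the post (1 day)

// Decide how one token request at time `now` (hours since login) is satisfied.
// state.rtExpiresAt is set when an authorization code is redeemed and is
// carried over unchanged each time the refresh token is rotated.
function acquire(state, now, iframeSsoWorks) {
  if (now < state.rtExpiresAt) {
    // Rotation: a new refresh token is issued with the same absolute expiry.
    state.rotations += 1;
    return "refresh_token";
  }
  // Refresh token expired: a new authorization code is required.
  // Hidden iframe if the session cookie is usable, otherwise a user prompt.
  const path = iframeSsoWorks ? "iframe" : "interactive";
  state.rtExpiresAt = now + RT_LIFETIME_H; // new code starts a new 24 h window
  return path;
}

// Simulate a user who requests a token every `intervalH` hours for `totalH` hours.
function simulate(totalH, intervalH, iframeSsoWorks) {
  const state = { rtExpiresAt: RT_LIFETIME_H, rotations: 0 }; // login at t = 0
  const events = [];
  for (let t = intervalH; t <= totalH; t += intervalH) {
    events.push({ t, path: acquire(state, t, iframeSsoWorks) });
  }
  return events;
}

// Hours at which the user would be sent through an interactive login.
function promptTimes(events) {
  return events.filter((e) => e.path === "interactive").map((e) => e.t);
}

// Constructed scenario: hourly token calls for two days.
// Third-party cookies blocked (iframe unusable) versus iframe SSO available.
console.log("iframe blocked:", promptTimes(simulate(48, 1, false)));
console.log("iframe works:  ", promptTimes(simulate(48, 1, true)));
```

With hourly calls the prompts still land on the 24-hour boundaries when the iframe path is unavailable, because rotation never moves the expiry forward.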