B2C Authentication and Offline Devices

Damien Constantine 1 Reputation point


We are developing a device-hosted application that requires authentication.
99% of the time these devices are connected to the Internet.
We require that 1% to still work - even offline.
For example: User A has logged in within the last 3 days. This user, even though the internet is down, would still need to be able to log in.
What is the best way to handle this?
Can a user, when the device is offline, still log in if they have logged in recently; and if they have not?

Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.

2 answers

  1. Shashi Shailaj 7,581 Reputation points Microsoft Employee

    Hello @DamienConstantine-5544 ,

    Yes, in your case the user can still log in, but it depends on how much time has elapsed since the user obtained the token. The JWT auth tokens obtained in B2C have different validity periods depending on the type, as listed here. The access token and ID token lifetimes are a default of 1 hour. But if you require a user to stay signed in to a mobile application indefinitely, as long as the user is continually active on the application, you can set the Refresh token sliding window lifetime (days) to No Expiry in your sign-in user flow. The picture below shows that setting. You can set it to No Expiry rather than Bounded. Other aspects of the Token Lifetime in your user flow can be edited and changed as per your requirements.


    You will also need to take care of the session behavior properties and configure the Web App session timeout to rolling, as shown in the picture below.


    By taking care of the session behavior and token lifetimes, you should be able to achieve your requirement. Should you have any further query, please let us know and we will be happy to help. If the information helps you, please do accept the post as the answer, which will help other members of the community. I have also linked related articles which I would suggest for further reading, as they provide a detailed explanation on the topic.

    Thank you.


  2. Damien Constantine 1 Reputation point

    I would like to present another scenario that I forgot to include in my original request: We need to be clear that there are multi-user terminals in addition to mobile phones, and the equipment may have been used by a different user during the 3 days that we'd like to be able to regain access in the absence of cloud connectivity. We could dispatch a tech to go fix a networking problem, they will have used their account to log in somewhere within 3 days, but not necessarily to that particular piece of equipment that's having internet connection loss.

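An added example, not part of this thread and not Microsoft's code: one way a device could decide locally whether to admit a user while offline, covering both the 3-day window and the multi-user terminal case raised above. It assumes the app records the `sub` and `auth_time` claims of each ID token it validated online in a cache protected by a device-local HMAC key, and that the user proves their identity offline through a separate local factor; the function names, `store` and `key` are hypothetical.

```python
import hashlib
import hmac
import json

OFFLINE_WINDOW_S = 3 * 24 * 3600  # the 3-day window from the question


def _mac(key: bytes, payload: bytes) -> str:
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def record_online_sign_in(store: dict, key: bytes, claims: dict) -> None:
    """Run only after the B2C ID token was validated online (hypothetical helper)."""
    payload = json.dumps(
        {"sub": claims["sub"], "auth_time": claims["auth_time"]}, sort_keys=True
    ).encode()
    store[claims["sub"]] = {"payload": payload.decode(), "mac": _mac(key, payload)}


def offline_sign_in_allowed(store: dict, key: bytes, sub: str, now: int):
    """Return (allowed, reason) for a user asking to sign in with no connectivity."""
    entry = store.get(sub)
    if entry is None:  # multi-user terminal: this user never signed in here
        return False, "no prior sign-in on this device"
    payload = entry["payload"].encode()
    if not hmac.compare_digest(_mac(key, payload), entry["mac"]):
        return False, "cache record tampered"
    record = json.loads(payload)
    if record["sub"] != sub:  # record copied under another user's slot
        return False, "cache record tampered"
    age = now - record["auth_time"]
    if age < 0:  # device clock set back before the recorded sign-in
        return False, "clock earlier than last sign-in"
    if age > OFFLINE_WINDOW_S:
        return False, "last online sign-in too old"
    return True, "ok"


if __name__ == "__main__":
    key = b"\x01" * 32  # constructed; assumed to come from device secure storage
    store = {}  # constructed stand-in for the on-device cache
    t0 = 1_700_000_000  # constructed sign-in time (Unix seconds)
    record_online_sign_in(store, key, {"sub": "user-a", "auth_time": t0})
    print(offline_sign_in_allowed(store, key, "user-a", t0 + 2 * 86400))
    print(offline_sign_in_allowed(store, key, "user-a", t0 + 4 * 86400))
    print(offline_sign_in_allowed(store, key, "tech-b", t0 + 3600))
```

A user with no cache record on the device, such as a technician who signed in elsewhere, is denied under this scheme because nothing stored locally vouches for them.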