I get that the refresh token may be the reason for the silent authentication. But is there a way to turn off the refresh token flow as the minimum value in the config i can set is 1 days.
The configuration b2c is attached as image. In startup I have following code to enable openid connect
services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme);
services.AddMicrosoftIdentityWebAppAuthentication(serviceProvider.GetRequiredService<IConfiguration>(), "AzureAdB2C");
services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, configureOptions: option =>
{
option.GetClaimsFromUserInfoEndpoint = true;
option.Events = new OpenIdConnectEvents();
option.Events.OnAuthorizationCodeReceived = context =>
{
// var idToken = context.;
return Task.CompletedTask;
};
option.Events.OnTicketReceived = context =>
{
context.HttpContext.Session.SetString("sign-id", context.HttpContext.Session?.Id ?? Guid.NewGuid().ToString());
// var idToken = context.;
return Task.CompletedTask;
};
option.Events.OnTokenValidated = OpenIdConnectionExtension.OnTicketReceivedCallback;
option.Events.OnRemoteFailure = OpenIdConnectionExtension.OnRemoteFailure;
option.Events.OnRemoteSignOut = context =>
{
context.Response.Redirect("/Identity/Account/Logout");
return Task.CompletedTask;
};
});
Hi, if the posted answer resolves your question, please mark it as the answer by clicking the check mark. Doing so helps others find answers to their questions.