Share via

M365 Copilot Plugin authentication token keeps timing out

Luís Teixeira 25 Reputation points
2026-06-02T09:41:21.06+00:00

We have our plugin created and working, however we have been noticing authentication issues about expiration of the token:
User's image

This message appears after 1 hour of authenticating (assuming default time) shouldn't the refresh token be kicking in?

Microsoft Copilot | Microsoft 365 Copilot | Development
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Burak VAROL 706 Reputation points
    2026-06-02T12:08:58.7433333+00:00

    Hi Luis,

    An access token expiring around 1 hour is expected behavior in OAuth. Normally, a refresh token should be used to silently obtain a new access token without requiring re-authentication.
    https://docs.azure.cn/en-us/entra/identity-platform/refresh-tokens

    If that’s not happening, it usually means one of the following:

    • A refresh token isn’t being issued.
    • The client isn’t properly storing or using the refresh token.
    • Entra ID policies (e.g., Conditional Access) are forcing re-authentication.

    Copilot plugins support OAuth 2.0 authorization code flow, so the refresh flow should work if implemented correctly.
    https://learn.microsoft.com/en-us/microsoft-365/copilot/extensibility/plugin-authentication

    I’d recommend confirming that a refresh token is returned and that your app is actually using it during token renewal. It may also help to review Microsoft Entra sign-in logs and Conditional Access policies to rule out policy-driven re-authentication.

    Regards,
    Burak V.

    Was this answer helpful?

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.