Azure B2C Custom Policy OAuth2 bearer authentication with cached access token that expires every 1 hour

Question

I would like confirmation, on setup being possible, and direction on achieving the following:

Azure B2C Custom Policy OAuth2 bearer authentication with token that expires every 1 hour

Steps which would be part of the Custom Policy Orchestration steps:

1. If not access token has been retrieved or it has expired (token are valid only for 1hr), then Custom Policy retrieves access token from a federated identity provider
   a. Requires logging-in, then retrieving of access token (two different restful api calls)
   b. Store access token with validaty of 1 hr
2. Access token is used to access an external Api that verifies its validity

My question specifically in in regards to this caching mechanism, since this flow fits the static bearer token described here: https://learn.microsoft.com/en-us/azure/active-directory-b2c/secure-rest-api?tabs=windows&pivots=b2c-custom-policy#using-a-static-oauth2-bearer

Except the access token value would need to be set dynamically every 55 minutes.

Thank you

-Tony RR

Answer 1

Hello @Tony RR , Azure AD B2C cannot validate the expiration timestamp for a access token stored as a secret nor handle it inside a Custom Policy.

Regarding the stored access token you can replace the whole keyset or upload a new access token using Update trustFrameworkKeySet or trustFrameworkKeySet: uploadSecret operations respectively after 55 minutes have passed.

Please let us know if you need additional assistance.