Is there a concept of Refresh token sliding window lifetime (days) for Azure AD refresh tokens

integ new 1 Reputation point
2022-06-02T06:41:48.56+00:00

For Azure B2C tenants (user flow), there is a concept of Refresh token sliding window lifetime (days), as explained here: https://learn.microsoft.com/en-us/azure/active-directory-b2c/tokens-overview#configuration. Is there a similar concept for refresh tokens issued in Azure AD (not B2C) tenants? The documentation says that validity is 24 hrs (for SPAs) & 90 days for others, which can't be changed. My question is: can the process of re-generating a new refresh token (using the old one) continue indefinitely, or is there a hard limit beyond which users are forced to re-authenticate? Just to clarify, I'm talking about invalidation/revocation of refresh tokens here.


1 answer

  1. Vasil Michev 100K Reputation points MVP
    2022-06-02T07:28:25.257+00:00

    Yes, the same applies to "standard" Azure AD tenants - as long as there is usage, the refresh token is renewed automatically and can have indefinite validity.

    1 person found this answer helpful.
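
A small model of the behaviour described in the answer above, added as an illustration and not part of the original thread: every successful redemption issues a fresh refresh token with a new 90-day validity, so only an idle gap ends the chain, whereas a B2C-style sliding window adds a hard deadline counted from the first sign-in. The function name, the 365-day window and the usage schedule are constructed for the example, and explicit revocation is not modelled.

```python
from datetime import datetime, timedelta
from typing import Iterable, Optional


def reauth_deadline(first_login: datetime,
                    refresh_attempts: Iterable[datetime],
                    token_lifetime: timedelta,
                    sliding_window: Optional[timedelta] = None) -> datetime:
    """Return the moment interactive sign-in becomes necessary.

    Hypothetical helper: each successful refresh replaces the token with one
    valid for `token_lifetime`. If `sliding_window` is set (the B2C setting the
    question refers to), no token may outlive first_login + sliding_window.
    """
    hard_stop = first_login + sliding_window if sliding_window else None

    def expiry(issued_at: datetime) -> datetime:
        natural = issued_at + token_lifetime
        return min(natural, hard_stop) if hard_stop else natural

    current_expiry = expiry(first_login)
    for attempt in sorted(refresh_attempts):
        if attempt >= current_expiry:
            # Token already expired when the client tried to redeem it.
            return current_expiry
        current_expiry = expiry(attempt)  # rotation: new token, new validity
    # No further use after the last refresh: the last token simply ages out.
    return current_expiry


# Constructed sample schedule: a client that refreshes every 30 days for 3 years.
START = datetime(2022, 6, 2)
MONTHLY = [START + timedelta(days=30 * i) for i in range(1, 37)]
NINETY_DAYS = timedelta(days=90)          # lifetime quoted in the question
ASSUMED_WINDOW = timedelta(days=365)      # constructed value for the comparison

if __name__ == "__main__":
    rolling = reauth_deadline(START, MONTHLY, NINETY_DAYS)
    capped = reauth_deadline(START, MONTHLY, NINETY_DAYS, ASSUMED_WINDOW)
    idle = reauth_deadline(START, [START + timedelta(days=30),
                                   START + timedelta(days=130)], NINETY_DAYS)
    print("rolling only      :", rolling.date())
    print("with sliding cap  :", capped.date())
    print("100-day idle gap  :", idle.date())
```

With rolling renewal alone the deadline keeps moving to 90 days after the most recent use, which is why dormant-session cleanup depends on revocation rather than on token age.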