Hi @Uwe Kohl ,
Thanks for reaching out.
I understand you are looking to extend lifetime of Access & ID token for your B2C application.
The default lifetime of Access token is 60 minutes. As access tokens are not revoked, so extending the lifetime of access tokens are not recommended as malicious actor that has obtained an access token can use it for extent of its lifetime.
For maximum security and flexibility, it is recommended to use combination of access token and refresh token. When the access token expires, the application can use the refresh token to obtain the new access token.
To get the refresh token along with access token and ID tokens, you would need the scope as "offline_access" in your request. The default lifetime of refresh token is valid for 14 days and maximum lifetime is 90 days.
Reference: https://learn.microsoft.com/en-us/azure/active-directory-b2c/configure-tokens?pivots=b2c-user-flow
Hope this will help.
Thanks,
Shweta
---------------------------------
Please remember to "Accept Answer" if answer helped you.