The true valid time for "user_code expires_in" is 300 seconds, but the microsoft server tells me that the "user_code expires_in" is 900 seconds

scarecrow kakashi 246 Reputation points
2022-08-31T08:19:27.763+00:00

I got user_code following https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-device-code .

Step 1. Execute the folowing command:
curl -vik -d "client_id=fb305542-dc39-4760-a8ac-2eebd9099dd9&scope=openid profile email https://outlook.office.com/POP.AccessAsUser.All+offline_access&" https://login.microsoftonline.com/consumers/oauth2/v2.0/devicecode

Microsoft server response:
236463-1.png

Step 2.
Execute the following command every 15 seconds:
curl -vik -d "client_id=fb305542-dc39-4760-a8ac-2eebd9099dd9&device_code=HAQABAAEAAAD--DLA3VO7QrddgJg7WevrH4vzpebJBbwZWgG-RppRBsBr8DMJ3u96orVK1HX6IT0o8Otxz2qjU0Bn67iKworp7JyOaEi6RdcOxaSDr9HOAeZ22rbiObFh7K4DbE524nBYsytAskPg0uklRa5KgDFiINQ4EbPAbo6tHyhSh4ZYb2DEXb34CZYAKQHli-xr6URSZsPcR1SvPJOawhvSrrFIz0kKN-FZyoYEXqja4H-Ns0uSlBkAovjr_Dcrh7hABvd1j3uaRnRrGdXFGRc2cjzj2JSC3ZJ1U8dQPdItmJbXNN0sggnamGWWN2_4shF95l3dswQhVXz1aO5I7IwWDpr-4MLrX4Src_Sf3744y0Y_5No05mpSLwMLHBbOK3xvsc02wr25EFNQXUEz3cqtwTD0IAA&grant_type=urn:ietf:params:oauth:grant-type:device_code" -H "Content-Type: application/x-www-form-urlencoded" https://login.microsoftonline.com/consumers/oauth2/v2.0/token

Step 3.But after 300 seconds I visit the https://www.microsoft.com/link in the browser , and enter 452APQ3U get the following result:

236443-1.png

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,304 questions
0 comments No comments
{count} votes

Accepted answer
  1. James Hamil 21,386 Reputation points Microsoft Employee
    2022-08-31T18:44:59.363+00:00

    Hi @scarecrow kakashi , 900 seconds is the "usual time" but it's pretty much arbitrary. Take a look at the OAuth doc here. You can change the token expiry time. So most likely you just need to edit your refresh token and it should work for you. I'm having a hard time following the steps you posted, but wherever you use the refresh token try updating the expiry time manually.

    Please let me know if you have any questions.

    If this answer helped you please mark it as "Verified" so other users can reference it.

    Thank you,
    James


0 additional answers

Sort by: Most helpful