
Secure Application Model

Learn and ask questions on how to implement secure application model

jpsingh
Visitor 1

Refresh Token expiry/lifetime clarification

Hey,

We have implemented the secure application model framework. We have performed the authentication (MFA) interactively. The response back from Azure AD includes an access token and a refresh token. We have stored the refresh token securely in the Key-Vault. It all works fine, which is great.

My question is regarding the lifetime of this refresh token. From the docs (https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes#token-lifetime-policy-properties), by default, MaxInactiveTime will be 90 days and MaxAgeMultiFactor will be until revoked. As we are using the refresh token every day to get an access token, this means the refresh token should not expire (as the MaxInactiveTime 90 days condition will never be met).

Is my understanding correct?

Also, is there a way to check the expiry time for refresh token?

Thanks for your attention.

Jotpal

1 ACCEPTED SOLUTION
JanoschUlmer
Microsoft

Your understanding is correct.

AFAIK the refresh token's lifetime will not be visible (only the access token's lifetime can be seen).

Kind regards,
Janosch
Get consultations from Technical Presales & Deployment services team via https://aka.ms/technicalservices
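
Because the refresh token's expiry is not exposed, a client can track the inactivity window on its own side. The sketch below is an added example, not part of the original thread or Microsoft's code; the `state` dict, the 14-day warning margin and the sample values are assumptions, and the result is only an estimate because revocation cannot be seen this way.

```python
from datetime import datetime, timedelta, timezone

# Default MaxInactiveTime quoted in the question; a tenant policy may differ.
MAX_INACTIVE_TIME = timedelta(days=90)
WARN_BEFORE = timedelta(days=14)  # assumed alerting margin


def record_redemption(state, token_response, now):
    """Update locally tracked state after a successful refresh-token redemption.

    `state` is a hypothetical dict persisted alongside the Key Vault secret.
    """
    new_state = dict(state)
    # The access token lifetime is visible: `expires_in` is given in seconds.
    lifetime = timedelta(seconds=int(token_response["expires_in"]))
    new_state["access_token_expires_at"] = now + lifetime
    # Each successful use restarts the inactivity window.
    new_state["refresh_token_last_used"] = now
    # If the response carries a new refresh token, store it in place of the old one.
    if token_response.get("refresh_token"):
        new_state["refresh_token"] = token_response["refresh_token"]
    return new_state


def inactivity_status(state, now, max_inactive=MAX_INACTIVE_TIME):
    """Estimate how close the stored refresh token is to the inactivity limit."""
    deadline = state["refresh_token_last_used"] + max_inactive
    remaining = deadline - now
    if remaining <= timedelta(0):
        level = "expired"   # estimated: a new interactive sign-in is likely needed
    elif remaining <= WARN_BEFORE:
        level = "warning"   # the scheduled job has probably stopped running
    else:
        level = "ok"
    return level, deadline


# Constructed sample data, not output from a real tenant.
t0 = datetime(2024, 1, 1, 6, 0, tzinfo=timezone.utc)
sample_response = {
    "expires_in": "3599",
    "access_token": "<access-token>",
    "refresh_token": "<new-refresh-token>",
}
state = record_redemption({"refresh_token": "<old-refresh-token>"}, sample_response, t0)
```

Running `inactivity_status` from a separate monitoring job catches the case the question assumes never happens: the daily redemption silently stops and the 90-day window starts to run out.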
