How to set Access Token Lifetime (session time) and Refresh Token Max Inactive Time?

AzureAD / azure-activedirectory-library-for-js

The code for ADAL.js and ADAL Angular has been moved to the MSAL.js repo. Please open any issues or PRs at the link below.

https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/maintenance/adal-angular

Apache License 2.0

627 stars 373 forks source link

How to set Access Token Lifetime (session time) and Refresh Token Max Inactive Time? #883

Closed nikhil-mahirrao closed 4 years ago

nikhil-mahirrao commented 5 years ago

How to config AccessTokenLifetime, MaxInactiveTime from AuthenticationContext ?

var authContext = new AuthenticationContext({ clientId: 'someId', postLogoutRedirectUri: 'someURL', redirectUri: 'someURI', });

As bellow link shows some more config params,

Configurable token lifetimes in Azure Active Directory: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes

sameerag commented 4 years ago

This cannot be achieved from msal. This has to be configured in app portal. As far as I know, accessToken in implicit flow cannot be extended beyond an hour. @hpsin can you add anything here?

hpsin commented 4 years ago

You need to use the policy that's described in the article, via powershell. There's nothing that indicates that implicit flow tokens can or cannot be edited, so I assume they can be.

jmckennon commented 4 years ago

Closing this as we're assuming this is no longer an issue. We recommend that everyone switch to msal js here for advanced features and bugfixes.