AzureAD / microsoft-authentication-library-for-java

Microsoft Authentication Library (MSAL) for Java http://aka.ms/aadv2
MIT License

[Bug] Tokens returned from the WAM broker do not have an expiration time set #783

Open billwert opened 7 months ago

billwert commented 7 months ago

Library version used

1.14.0

Java version

8+

Scenario

Other - please specify

Is this a new or an existing app?

None

Issue description and reproduction steps

Tokens returned from the WAM authentication broker do not have an expiration time set.

This is the IAuthenticationResult I got back from PublicClientApplication#acquireTokenSilently:

image

Relevant code snippets

No response

Expected behavior

No response

Identity provider

Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)

Regression

No response

Solution and workarounds

No response

bgavrilMS commented 7 months ago

@billwert - is this an adoption blocker? Note that you shouldn't rely on the ID token's exp claim for this, as ID tokens and access tokens have different lifetimes.

billwert commented 5 months ago

@bgavrilMS sorry, I missed this question. It's not a blocker, I suppose, but it's going to cause us to request tokens way more often than we should. Note we're not relying on anything inside the token's claims ever: we don't parse those in Identity. We rely on MSAL when that is necessary, or like the response from IMDS has it directly without parsing the token.