MSEndpointMgr / IntuneWin32App

Provides a set of functions to manage all aspects of Win32 apps in Microsoft Intune.
MIT License

Token expiration issue #73

Open ElianeMegert opened 1 year ago

ElianeMegert commented 1 year ago

After running into some strange "token expired" warning messages I started digging and noticed that my token expiration time is more than 60 minutes. I found this:

When issued, the default lifetime of an access token is assigned a random value ranging between 60-90 minutes (75 minutes on average). (https://learn.microsoft.com/en-us/azure/active-directory/develop/access-tokens#access-token-lifetime)

Now the calculation of the token lifetime goes with minutes:

```powershell
$TokenLifeTime = ($Global:AuthenticationHeader.ExpiresOn - (Get-Date).ToUniversalTime()).Minutes
if ($TokenLifeTime -le 0) {
    Write-Warning -Message "Existing token found but has expired, use Connect-MSIntuneGraph to request a new authentication token"; break
}
else {
    Write-Verbose -Message "Current authentication token expires in (minutes): $($TokenLifeTime)"
}
```

So if the token lifetime is more than one hour (> 60 minutes) this result is misleading and a wrong message appears.

After the minutes (here in the pic it is 22 minutes) have passed, another 59 appear. I think you should take "TotalMinutes" instead of "Minutes":

```powershell
$TokenLifeTime = ($Global:AuthenticationHeader.ExpiresOn - (Get-Date).ToUniversalTime()).TotalMinutes
if ($TokenLifeTime -le 0) {
    Write-Warning -Message "Existing token found but has expired, use Connect-MSIntuneGraph to request a new authentication token"; break
}
else {
    Write-Verbose -Message "Current authentication token expires in (minutes): $($TokenLifeTime)"
}
```

CodyRWhite commented 1 year ago

I was seeing something similar to this with something I was running. I just saw this issue today. I made a PR https://github.com/MSEndpointMgr/IntuneWin32App/pull/96 about this the other week. I am not sure if this is the same you were referring to as you did not put any file names.

ElianeMegert commented 1 year ago

> I was seeing something similar to this with something I was running. I just saw this issue today. I made a PR #96 about this the other week. I am not sure if this is the same you were referring to as you did not put any file names.

Seems to be about the same issue. The lifetime of the token gets checked in almost all of the functions (files) in their "begin" section. Might be a good thing to move that to another test-token function to remove redundancy and simplify corrections.
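
The `Minutes` versus `TotalMinutes` difference reported in this issue, with the expiry check kept in a single function as suggested above, shown as an added example that is not part of the thread or of the module's code. The function name `Get-TokenLifetimeExample`, the fixed clock and the sample expiry times are hypothetical and constructed for illustration.

```powershell
# Hypothetical helper (not the module's own function): computes the remaining
# lifetime of a token from its UTC expiry time and evaluates both checks.
function Get-TokenLifetimeExample {
    param(
        [Parameter(Mandatory)] [datetime]$ExpiresOn,    # UTC expiry, like AuthenticationHeader.ExpiresOn
        [datetime]$Now = (Get-Date).ToUniversalTime()   # injectable clock so the check is repeatable
    )
    $Remaining = $ExpiresOn - $Now                      # System.TimeSpan
    [pscustomobject]@{
        MinutesComponent = $Remaining.Minutes           # minutes part only, range -59..59
        TotalMinutes     = [math]::Round($Remaining.TotalMinutes, 1)
        ExpiredByMinutes = $Remaining.Minutes -le 0     # check as quoted in the issue
        ExpiredByTotal   = $Remaining.TotalMinutes -le 0 # check proposed in the issue
    }
}

# Constructed sample data: a fixed "now" and tokens with different remaining lifetimes.
$Now = [datetime]::new(2024, 1, 1, 12, 0, 0, [System.DateTimeKind]::Utc)
$Samples = [ordered]@{
    '82 min left'        = $Now.AddMinutes(82)
    '60 min 30 s left'   = $Now.AddSeconds(3630)
    '22 min left'        = $Now.AddMinutes(22)
    'expired 5 min ago'  = $Now.AddMinutes(-5)
    'expired 65 min ago' = $Now.AddMinutes(-65)
}

# Evaluate every sample and show both checks side by side.
$Samples.GetEnumerator() | ForEach-Object {
    $Entry = $_
    Get-TokenLifetimeExample -ExpiresOn $Entry.Value -Now $Now |
        Add-Member -NotePropertyName Case -NotePropertyValue $Entry.Key -PassThru
} | Format-Table Case, MinutesComponent, TotalMinutes, ExpiredByMinutes, ExpiredByTotal -AutoSize
```

In the "60 min 30 s left" row the `Minutes` component is 0, so the `-le 0` test reports a still-valid token as expired, while `TotalMinutes` does not.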

CodyRWhite commented 1 year ago

Fixed, I think I caught them all. PR has been updated. I decided to use the existing Test-Token function that was already existent.

Just have to wait for the PR to be committed.

Let me know if you think I missed anything. Thanks!