Open ElianeMegert opened 1 year ago
I was seeing something similar to this with something I was running. I just saw this issue today. I made a PR https://github.com/MSEndpointMgr/IntuneWin32App/pull/96 about this the other week. I am not sure if this is the same you were refering to as you did not put any file names.
I was seeing something similar to this with something I was running. I just saw this issue today. I made a PR #96 about this the other week. I am not sure if this is the same you were refering to as you did not put any file names.
Seems to be about the same issue. the life-time of the token gets checked in almost all of the functions (files) in its "begin" section. Might be a good thing to move that to another test-token function to remove redunancy and simplify corrections.
Fixed, I think I caught them all. PR has been updated. I decided to use the existing Test-Token function that was already existent.
Just have to wait for the PR to be committed.
Let me know if you think I missed anything. Thanks!
After running into some strange "token rexpired" warning messages I started digging and noticed that my token exiration time is more than 60 minutes. I found this:
When issued, the default lifetime of an access token is assigned a random value ranging between 60-90 minutes (75 minutes on average). (https://learn.microsoft.com/en-us/azure/active-directory/develop/access-tokens#access-token-lifetime)
Now the calculation of the tokenliftime goes with minutes: $TokenLifeTime = ($Global:AuthenticationHeader.ExpiresOn - (Get-Date).ToUniversalTime()).Minutes if ($TokenLifeTime -le 0) { Write-Warning -Message "Existing token found but has expired, use Connect-MSIntuneGraph to request a new authentication token"; break } else { Write-Verbose -Message "Current authentication token expires in (minutes): $($TokenLifeTime)" }
So if tokenlife time is more than one hour (> 60 Minutes) this result is missleading and a wrong message appears.
after the minutes (here in the pic is 22 minutes) are past another 59 appear. I think you should take "TotalMinutes" instead of "Minutes":
$TokenLifeTime = ($Global:AuthenticationHeader.ExpiresOn - (Get-Date).ToUniversalTime()).TotalMinutes if ($TokenLifeTime -le 0) { Write-Warning -Message "Existing token found but has expired, use Connect-MSIntuneGraph to request a new authentication token"; break } else { Write-Verbose -Message "Current authentication token expires in (minutes): $($TokenLifeTime)" }