Closed fabio-muramatsu closed 5 years ago
@fabio-muramatsu this behavior is currently by design
Hi @sgellock,
Thanks for the response. In this case, is it possible to expose the expiration date as part of the TokenResponse
? The expiration field there seems to be always null:
Right now, the only way to find out if a token is expired is to actually try using it and catching the corresponding exception, which is less than ideal. I'd appreciate any suggestions here.
hello, how can I force a refresh token, without re-login ? offline_access scope is allowed
@sgellock can you provide a workaround ?
We are also having this exact same issue. When we were using a webchat version of our bot, we did not see this issue, this was because users would not generally leave the web page open and they would get a different chat id each time, so they had to login each time they interact with the chatbot.
However, we have recently moved to MS teams for the same bot and are getting a lot of problems with expired tokens. We are now having to catch the error in a similar way, message the user to type 'logout' and log back in as a quick fix whilst we get this corrected.
I am thinking of somehow automatically logging the user back out and then sending them the oAuthPrompt again. though really, this should be able to auto refresh the token somehow.
Version
4.3.2
Describe the bug
I'm using the OAuthPrompt to authenticate the user to my bot, which runs as an AADv2 application. I can get the token correctly from the OAuthPrompt, but I noticed it returns a cached token even if it is expired. This issue is similar to the one described in #764, but I've decided to open a new one because the original issue involves more than just the expired token being returned.
To Reproduce
Use the OAuthPrompt to authenticate the user and get a token. After some time (enough for the token to expire), calling OAuthPrompt again results in the expired token being returned.
Expected behavior
If the token is expired, the OAuthPrompt should request the user to authenticate again, and return a valid token to the bot application.
[bug]