Active Directory Authentication Library and Access Token Expiration

  • Question

  • Hello,

    I am very new to Azure Active Directory and Authentication. We have a native Windows application which needs to be authenticated via AAD. So to educate myself, after reading multiple articles and blogs, I got a basic sample application up and running.

    The sample application is in C# and uses Active Directory Authentication Library (ADAL) version 3.13.8. The application uses AuthenticationContext class methods to acquire a token and an extended TokenCache class to have persistent storage of the token.

    When I run the application, the application asks for the user name and password and returns token successfully. I am using AcquireTokenAsync() and the token data is saved in a file as I expected.

    When I browse the authentication results returned by AcquireTokenAsync method, data for Access token expiration is ALWAYS 6 hours away from the time I accessed the token.

    All the documents I read state that, by default, the access token expires in 1 hour. So why am I getting a 6 hour timeframe? Is this something that is configurable via the application registration process, which I don't see either?

    Can someone help me understand this?

    Thank you in advance!

    K

    Thursday, January 12, 2017 5:19 PM

Answers

  • Hello,

    Thank you for your post.

    The AccessToken Lifetime is Configurable. Please follow the documentation for details: Configurable Token Lifetimes in Azure Active Directory

    Access token lifetime

    String: AccessTokenLifetime

    Affects: Access tokens, ID tokens

    Summary: This policy controls how long access and ID tokens for this resource are considered valid. Reducing the access token lifetime mitigates the risk of an access or ID token being used by a malicious actor for an extended period of time (as they cannot be revoked) but also adversely impacts performance as the tokens will have to be replaced more often.

    Hope this Helps.

    Regards,
    Neelesh


    Friday, January 13, 2017 11:04 AM
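
Added example, not part of the original thread and not ADAL or Microsoft code: one way to check the lifetime a token actually carries is to read the standard JWT `iat` and `exp` claims and compare them in UTC, so the result does not depend on how a local clock or debugger renders the timestamp. The function names and the sample token are constructed for illustration; the signature is not verified, so this is for diagnostics only.

```python
import base64
import json
from datetime import datetime, timedelta, timezone


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_lifetime(jwt: str, now: datetime) -> dict:
    """Read the validity window from a JWT's claims WITHOUT verifying it.

    Diagnostic use only: never base an authorization decision on this.
    """
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    if now.tzinfo is None:
        raise ValueError("'now' must be timezone-aware")
    claims = json.loads(_b64url_decode(parts[1]))
    for name in ("iat", "exp"):
        value = claims.get(name)
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            raise ValueError(f"missing or non-numeric '{name}' claim")
    # iat/exp are seconds since the Unix epoch, so they are always UTC.
    issued = datetime.fromtimestamp(claims["iat"], tz=timezone.utc)
    expires = datetime.fromtimestamp(claims["exp"], tz=timezone.utc)
    return {
        "issued_utc": issued,
        "expires_utc": expires,
        "lifetime": expires - issued,   # what the issuer granted
        "remaining": expires - now,     # what is left right now
    }


def make_sample_token(iat: int, lifetime_s: int) -> str:
    # Constructed sample token with a placeholder signature (not a real token).
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    payload = {"iat": iat, "exp": iat + lifetime_s}
    return ".".join([enc({"typ": "JWT", "alg": "RS256"}), enc(payload), "sig"])


if __name__ == "__main__":
    issued = datetime(2017, 1, 12, 17, 0, tzinfo=timezone.utc)
    token = make_sample_token(int(issued.timestamp()), 3600)
    info = token_lifetime(token, now=issued + timedelta(minutes=10))
    print("lifetime:", info["lifetime"], "remaining:", info["remaining"])
```
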

All replies

  • Thank you Neelesh for your reply.

    I did review this article before posting my question, but missed looking at the code samples given towards the end of the article. Thank you for pointing me in the correct direction!

    Thanks & Regards,

    K

    Monday, January 16, 2017 3:26 PM