Expiration of refresh token in SPA application in AD B2C
Question
Following documentation single-page applications using the authorization code flow with PKCE always have a refresh token lifetime of 24 hours.
I have the same scenario but I wonder if it is possible to set that refresh token expiration time on shorten than 24hours time or event do not use it and force user to type login and password every time access token expires?
1 answers
solution1
0 2021-03-06 21:04:23
Currently its fixed at 24 hours.
You could switch to implicit flow here to achieve this.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Revoke a refresh token on Azure AD B2C
Azure AD B2C Refresh Token Revoked 403
How to refresh Azure AD B2C identity token
Azure AD B2C password expiration
azure ad b2c with spa and webapi
Azure B2C: remove token expiration
Does updating the Refresh token life Azure AD B2C User flows expire current Refresh tokens
Azure AD B2C Refresh Token/ID Token iOS Swift 4
Azure AD B2C password expiration notification
Azure AD B2C is possible set password expiration period?
Related Tags