I tried many times to update the token lifetime. When I use user flows, I can update the token lifetime without any problem. On the other hand, doing the same thing in a custom policy is not working.

<TechnicalProfile Id="AAD-Common">
  <Metadata>
    <Item Key="token_lifetime_secs">3600</Item>
    <Item Key="id_token_lifetime_secs">3600</Item>
    <Item Key="refresh_token_lifetime_secs">1209600</Item>
    <!--<Item Key="rolling_refresh_token_lifetime_secs">7776000</Item>-->
    <Item Key="allow_infinite_rolling_refresh_token">true</Item>
    <Item Key="Operation">Read</Item>
    <Item Key="ClientId">app id </Item>
    <Item Key="ApplicationObjectId">app object id</Item>
  </Metadata>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="objectId" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="signInNames.emailAddress" />
    <OutputClaim ClaimTypeReferenceId="givenName" />
  </OutputClaims>
</TechnicalProfile>

Any ideas?

The access token lifetime is still the same.

2 Answers

  1. The code you’ve shared appears to be a snippet for an Azure AD B2C custom policy where you’re attempting to set the token lifetimes (token_lifetime_secs, id_token_lifetime_secs, refresh_token_lifetime_secs). These settings typically define how long the issued tokens are valid for authentication and authorization purposes.

    However, the configuration you’ve provided seems correct syntactically. You’re setting the lifetimes in seconds for access tokens, ID tokens, and refresh tokens, as well as specifying some additional settings.

    If this configuration is not affecting the token lifetimes as expected, there might be a few potential reasons for this:

    Policy Application: Ensure that this policy is being correctly applied to your Azure AD B2C tenant and to the user flows that are using this custom policy.

    Token Cache: Azure AD B2C might be caching the tokens, which could affect the changes in the token lifetimes. Make sure to clear any existing tokens or cache before testing changes in lifetimes.

    Policy Execution Order: Verify that this policy is in the correct order of execution and is not being overridden by other policies or settings.

    Policy Validation: Double-check the policy for any typos or issues that might be causing the configurations not to apply correctly.

    It seems like you’ve configured the token lifetime settings in the AAD-Common technical profile.
    Let’s check a few things:

    • Are you receiving any specific error messages when trying to update
      the token lifetime in custom policies?
    • Have you verified that the custom policy is being applied correctly
      and the changes are reflected in the policy settings?

    It might also be helpful to review the policy logs or any error messages you’re encountering to pinpoint the issue. Additionally, ensure that your policy customization aligns with the supported configurations for token lifetime in Azure AD B2C.

    If you’ve verified these points and the token lifetimes are still not being updated as expected, it might be beneficial to review any specific error messages or logs that could shed light on why the changes aren’t taking effect. Additionally, checking Azure AD B2C documentation or community forums might provide further insights into common issues or limitations related to token lifetime modifications within custom policies.

  2. That’s because this metadata should be in a JwtIssuer technical profile, not AAD-Common.

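The change described in answer 2, written out as an added example that is not part of the original thread: the lifetime items from the question moved into the token issuer technical profile. It assumes a policy based on the starter pack, where that profile has Id "JwtIssuer" and the override is placed in the extensions file; the values and placeholders are the ones from the question.

```xml
<!-- Added example, not from the original thread. Assumes the relying party
     issues tokens through a technical profile with Id="JwtIssuer", as in
     the starter pack. Only the overridden Metadata items are listed. -->
<ClaimsProvider>
  <DisplayName>Token Issuer</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="JwtIssuer">
      <Metadata>
        <!-- Access token and ID token lifetimes, in seconds -->
        <Item Key="token_lifetime_secs">3600</Item>
        <Item Key="id_token_lifetime_secs">3600</Item>
        <!-- Lifetime of a single refresh token, in seconds (14 days) -->
        <Item Key="refresh_token_lifetime_secs">1209600</Item>
        <!-- With allow_infinite_rolling_refresh_token set to true the sliding
             window never expires, so a session can be renewed indefinitely.
             To force re-authentication after a fixed period, remove that item
             and enable rolling_refresh_token_lifetime_secs instead. -->
        <!--<Item Key="rolling_refresh_token_lifetime_secs">7776000</Item>-->
        <Item Key="allow_infinite_rolling_refresh_token">true</Item>
      </Metadata>
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

<!-- AAD-Common from the question with the token lifetime items removed;
     the remaining items are unchanged. -->
<TechnicalProfile Id="AAD-Common">
  <Metadata>
    <Item Key="Operation">Read</Item>
    <Item Key="ClientId">app id </Item>
    <Item Key="ApplicationObjectId">app object id</Item>
  </Metadata>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="objectId" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="signInNames.emailAddress" />
    <OutputClaim ClaimTypeReferenceId="givenName" />
  </OutputClaims>
</TechnicalProfile>
```

To confirm the setting took effect, sign in again and compare the `exp` and `nbf` claims of the newly issued access token; the difference should equal `token_lifetime_secs`.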