Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Refresh token #89

Open
MINDoSOFT opened this issue Mar 10, 2021 · 2 comments
Open

Refresh token #89

MINDoSOFT opened this issue Mar 10, 2021 · 2 comments

Comments

@MINDoSOFT
Copy link

Using the sample tenant provided I am able to get an access token and a refresh token.

The access token expires in one hour and the refresh token in 14 days.

If I try to open the Tasks page after the access token has expired, I am redirected to the b2clogin page, and a completely new access and refresh token are being retrieved.

This sounds different than what I expect after reading this.

I am expecting AcquireTokenSilent to use the refresh token to retrieve a new access token in the background.

Let me know if this is a problem with the sample or an issue with the library.

@MINDoSOFT
Copy link
Author

@jmprieur it looks like when you change a configuration in the OpenIdConnectAuthenticationOptions this issue is fixed.

You need to set the UseTokenLifetime to false.

// ASP.NET web host compatible cookie manager
CookieManager = new SystemWebCookieManager(),
UseTokenLifetime = false

When you say token lifetime, it doesn't specify if it is the access token lifetime or the refresh token lifetime when it is present. And I am guessing this case is not handled by the OpenIdConnectAuthentication middleware.

@jmprieur
Copy link
Contributor

Thanks for the heads-up @MINDoSOFT

@jmprieur jmprieur reopened this Mar 15, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants