11

I'm having some trouble understanding how to get a Microsoft graph API token that lives more than 3599 seconds.

This is my first call to the API to get the first token:

enter image description here

And now that I got a refresh token I going to pass it through another call to get a new token:

enter image description here

This all works fine, except the new token also has a 3599 duration, so, my question is, is it possible to get a longer lived token, e.g. 14 days?

Femi Sulu
  • 303
  • 1
  • 4
Mi6u3l
  • 237
  • 1
  • 4
  • 10

1 Answers1

8

This actually isn't determined by Microsoft Graph but rather by Azure Active Directory.

For a given tenant, the life-time can be configured using Configurable token lifetimes in Azure Active Directory (Public Preview). There are a couple of important notes about this functionality:

  • This functionality is still in Preview, so functionality may change between now and general release.

  • This configuration is per tenant, service principal, or application. If you configure it on the application, then the policy will apply on multi-tenant applications unless superseded by a policy on the service principal or tenant level.

  • The maximum lifetime for an Access token is 24 hours (minimum is 10 minutes, default is 1 hour).

In general, rather than adjusting the lifetime of the Access Token you should rely on the Refresh Token instead. These have a much longer lifetime of 14 days.

Daniel Dobalian
  • 3,129
  • 2
  • 15
  • 28
Marc LaFleur
  • 31,987
  • 4
  • 37
  • 63
  • 2
    Small correction Marc, the configuration can be set on the tenant, application, or service principal. If you set it on the app, then it will apply for multi-tenant solutions unless overridden by another policy. This is explained in detail in the doc you linked if you want more info. – Daniel Dobalian Nov 02 '17 at 16:54