Azure AD B2C - Maintaining OTP between browser close/reopen

Question

The otp used in Azure B2C in the displaycontrol / email verification has the following parameter:

ReuseSameCode: Whether a duplicate code should be given rather than generating a new code when given code has not expired and is still valid. The default value is false.

Link

My question - when enabling this, we noticed that the code is only kept within the same browser session, ie if the user accidentally closes their browser and comes back, they're given a new code, even if they're still within the time limit for which a token is valid (we upped it to 20 minutes).

Is there any setting we can set so that the same token will be reused, even after browser restart?

score 0 · Accepted Answer · answered Jul 30 '20 at 13:59

0

No, it is tied to the session cookie of the authentication at the time. Closing the browser loses the session cookie and therefore B2C treats it as a fresh authentication.

answered Jul 30 '20 at 13:59

Jas Suri - MSFT

10,605
2
10
20

Thanks for the reply and confirmation Jas. – MoP Aug 03 '20 at 23:35

Azure AD B2C - Maintaining OTP between browser close/reopen

1 Answers1