Our refresh token max lifetime is set to 24 hours. After 24 hours of inactivity the user should be asked to log in to his Microsoft account again.
In the OIDC settings we have the automaticSilentRenew property set to true. Every hour a request to the token endpoint is sent automatically.
The token endpoint fails with 400 Bad Request with the below response after 24 hours:
{"error":"invalid_grant","error_description":"AADSTS700081: The refresh token has expired due to maximum lifetime. The token was issued on 2021-07-20T05:09:24.0754582+00:00 and the maximum allowed lifetime for this application is 1.00:00:00.\r\nTrace ID: 21e2b7bd-d40e-4a24-afb5-9c4881345801\r\nCorrelation ID: 7a5aeb31-2a37-4fbf-bc26-02b457d5d249\r\nTimestamp: 2021-07-21 12:26:56Z","error_codes":[700081],"timestamp":"2021-07-21 12:26:56Z","trace_id":"21e2b7bd-d40e-4a24-afb5-9c4881345801","correlation_id":"7a5aeb31-2a37-4fbf-bc26-02b457d5d249","error_uri":"https://login.microsoftonline.com/error?code=700081"}
So after 24 hours, if an endpoint is called due to any user activity, our server sends 401 Unauthorized, and in our catch block we wrote code to redirect the user to the Microsoft login page.
Instead, is there a way to intercept the token endpoint call and automatically redirect the user to the Microsoft login screen if the endpoint returns 400 Bad Request with invalid_grant?
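One way to act on the silent renew failure directly, as an added example that is not from the question or from oidc-client itself: it assumes an oidc-client-js UserManager (its events.addSilentRenewError, removeUser and signinRedirect methods) and that the library passes the token endpoint's OAuth error body (error, error_description) to that event.

```javascript
// Added example, not the question author's code. Assumes `userManager` is an
// oidc-client-js UserManager created with automaticSilentRenew: true, and that
// the error handed to the silentRenewError event carries the token endpoint's
// JSON body fields (`error`, `error_description`).

// Error code from the response quoted in the question: refresh token hit its
// maximum lifetime (the 24h policy), so no silent renew can ever succeed.
const AAD_REFRESH_MAX_LIFETIME = "AADSTS700081";

// True only when the authorization server refused the refresh token itself.
// Transient failures (network, 5xx) must NOT log the user out.
function isRefreshTokenRejected(err) {
  return Boolean(err) && err.error === "invalid_grant";
}

// Narrower check for the exact "maximum lifetime" case the question shows.
function isMaxLifetimeExpiry(err) {
  return isRefreshTokenRejected(err) &&
    typeof err.error_description === "string" &&
    err.error_description.includes(AAD_REFRESH_MAX_LIFETIME);
}

// Decides what to do with one silent renew error. Returns a label so the
// decision is testable; the redirect itself is kicked off asynchronously.
function handleSilentRenewError(userManager, err) {
  if (!isRefreshTokenRejected(err)) return "ignored";
  // Drop the stale local session first so no code keeps using a dead token,
  // then start a fresh interactive login at Microsoft.
  userManager.removeUser().then(() => userManager.signinRedirect());
  return "redirecting";
}

// Wires the decision to the event, so the redirect happens as soon as the
// hourly renew is refused instead of waiting for the next API call's 401.
function registerSilentRenewHandler(userManager) {
  userManager.events.addSilentRenewError((err) =>
    handleSilentRenewError(userManager, err));
}

// Constructed sample mirroring the body quoted in the question (IDs omitted).
const SAMPLE_EXPIRED_ERROR = {
  error: "invalid_grant",
  error_description: "AADSTS700081: The refresh token has expired due to maximum lifetime.",
  error_codes: [700081],
};
```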