For authentication, in my application I use the @azure/msal-react library and @azure/msal-browser. I have noticed that the method that downloads the token acquireTokenSilent() returns both: accessToken and idToken, while the expiration time of these tokens is different each time I try to download, the difference is never the same or similar. And the token itself is refreshed only when it reaches the acesss token's expiration time. Is this a natural behavior or what could be the reasons for it?
Asked
Active
Viewed 1,870 times
1 Answers
1
It's a natural behavior that the id token's lifetime is 1 hour by default while the access token have 60-90 minutes (75 minutes on average) by default. Microsoft official document mentioned it.
And certainly, lifetime of the token can be changed by setting token lifetime policy. Here's the steps for setting token lifetime.
Tiny Wang
- 10,423
- 1
- 11
- 29