How to know or validate azure ad token is expired and re-create it through SDK java (TokenCredentialAuthProvider)

Question

I am using the following code to get the token, based on the below code how do we know the token is expired and get a new token

try {
            final ClientSecretCredential clientSecretCredential = new ClientSecretCredentialBuilder()
                    .clientId(clientId)
                    .clientSecret(clientSecret)
                    .tenantId(tenantId).build();

            final TokenCredentialAuthProvider tokenCredentialAuthProvider = new TokenCredentialAuthProvider(
                    Arrays.asList(".default"), clientSecretCredential);

            graphClient = GraphServiceClient.builder().authenticationProvider(tokenCredentialAuthProvider)
                    .buildClient();
        } catch (Exception e) {
            // TODO: handle exception
        }

How to know the token has expired . What is the check to do and call the above code again. should i check ClientSecretCredential is null or TokenCredentialAuthProvider is null or GraphServiceClient is null

if (ClientSecretCredential == null) or if (TokenCredentialAuthProvider == null) or if (GraphServiceClient == null)

I have gone through this below link, but does not give much info https://learn.microsoft.com/en-us/answers/questions/812332/access-token-expiry-time-and-refresh-token

It says

And client credential flow will not issue refresh tokens, the client can make the same call again to obtain a new access token.

But on what condition can we call the above code . Any help.

using `ClientSecretCredentialBuilder` then no need to refresh the token. I mean, when using this authprovider, then each time we use `graphClient` to call graph api, it would re-initial the authprovider then it won't expire — Tiny Wang, Mar 14 '23 at 08:10

score 0 · Answer 1 · answered Mar 28 '23 at 10:49

There are two ways to validate whether the token is expired or not:

Method 1:

Here, my token expiration time is 5 minutes.

With the below code, I am checking if the token expiration time is less than 5 minutes or not and re-generating the token If expired,

Instant  expirationTime  =  result.expiresOnDate().toInstant();
Instant  currentTime  =  Instant.now();
Duration  duration  =  Duration.between(currentTime,  expirationTime);

if  (duration.toMinutes()  <  5)
{
future  =  app.acquireToken(parameters);
result  =  future.get();
accessToken  =  result.accessToken();
}

Method 2:

you can use Azure SDK in which AccessToken class present where we have getToken() to get the token.

To check whether your token is expired or not, we have the method called isExpired() by which you verify as shown below:

ClientSecretCredential clientCredential = new ClientSecretCredentialBuilder()
    .clientId(clientId)
    .clientSecret(clientSecret)
    .tenantId(tenantId)
    .build();
    
AccessToken accessToken = clientCredential.getToken();

if (accessToken.isExpired()) {
    accessToken = clientCredential.getToken();
}

Results:

Below are the expired and newly generated tokens in my environment:

enter image description here

How to know or validate azure ad token is expired and re-create it through SDK java (TokenCredentialAuthProvider)

1 Answers1