![]()
Additionally, with CAE, we have added random jitter to access token lifetime to spread out token requests - we don't want to water hammer the service as each timezone requests tokens all at once every day at 9AM. Yup, this is one major source of token lifetime changes. The lifetime of tokens is configurable by the administrator of Azure AD ![]() To: AzureAD/microsoft-authentication-library-for-dotnet Yordan Rouskov Mention Re: ID token is only refreshed when Access token is expired (Issue #3119) Is there an assumption that all tokens lifetime is same? If so, we may have a problem.įrom: Hirsch Singhal Thursday, Janu9:00 AM Also AT1 and AT2 can have different lifetimes. Since ID token target is client app, it may have different lifetime than AT. Yep, lifetime can be determined by policy attached to the target SP/app. I cannot not prove this bug easily with the steps to reproduce it, because I have to wait for the exact moment, but I have experienced this issue today Then the user cannot login to our application in the 5 min. Say, for example the ID token is valid for 55 min, but the Access token is valid for 60 min. The ID token can have a different lifetime than the Access token. ![]() #EVERNOTE DESKTOP AUTHENTICATION TOKEN EXPIRED DOWNLOAD#The access token (scope=) is used in the VSTO addin to download files from SharePoint online, but not to call our REST service. To connect with this REST service the user must identify itself with a valid ID token. We have a VSTO Addin which connect with a REST service. #EVERNOTE DESKTOP AUTHENTICATION TOKEN EXPIRED CODE#This means that, for the default case, if you specify these permissions explicitly, Azure AD may return an error.Īdditional context / logs / screenshots / links to code Important The Microsoft Authentication Library (MSAL) currently specifies offline_access, openid, profile, and email by default in authorization and token requests. Maybe, I should also specify more scopes as suggested here: The ID token is only refreshed when Access token is expired. When ID token is expired then a new ID token should be requested by AcquireTokenSilent() call. Return getServiceStackBearerTokenByMSALIDToken( authResult) Throw new AuthenticationUIRequiredException() The app is in production, I haven't upgraded MSAL, but started seeing this issue. The app is in production, and I have upgraded to a new version of MSAL.ī. #EVERNOTE DESKTOP AUTHENTICATION TOKEN EXPIRED WINDOWS 10#MSAL: False MSAL 4.36.1.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise AT expiration time: 20-1-2022 14:34:04 +00:00, scopes openid profile User.Read email source Cache from appHashCode 32290900Ī. = Token Acquisition finished successfully:" MSAL: False MSAL 4.36.1.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise Fetched access token from host . MSAL: False MSAL 4.36.1.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise Returning access token found in cache. RefreshOn exists ? False MSAL: False MSAL 4.36.1.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise Access token is not expired. MSAL: False MSAL 4.36.1.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise Azure region was not configured or could not be discovered. Not using a regional authority. "MSAL: False MSAL 4.36.1.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise = Token Acquisition (SilentRequest) started:Īuthority Host: " ![]() "MSAL: False MSAL 4.36.1.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise Įxtra Query Params Keys (space separated) -ĬorrelationId - 622c0827-31cc-4751-afd5-0c1d146d015a" MSAL: False MSAL 4.36.1.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise ForceRefresh: False MSAL: False MSAL 4.36.1.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise Account provided: True MSAL: False MSAL 4.36.1.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise LoginHint provided: False MSAL: False MSAL 4.36.1.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise = AcquireTokenSilent Parameters = ![]() MSAL: False MSAL 4.36.1.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise MSAL MSAL.Desktop with assembly version '4.36.1.0'. MSAL: False MSAL 4.36.1.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise Found 1 cache accounts and 0 broker accounts ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |