Is there a way to have usernames/passwords only work for 1 hour to an Azure website? I've looked into expiring tokens, but I'm not sure if that's the right idea.
0
votes
1 Answers
0
votes
Great question. But right now - no, there is no way to make an AAD user be only active for given period of time. Tokens always expire. An application typically only needs the token at first authentication step (when the user came from the Security Token Service) - to validate it and extract claims and eventually a refresh token. After that the original token is no longer used anyway.
