how do we renew idtoken using msal?

9
votes

I am currently trying to develop an SPA application with a webapi, I am using msal for login. The flow is the user logs in, gets an idtoken (used to authorize for my api), gets an access token (for graph api) using acquiretokensilent method. I renew the idToken right before an hour using acquiretokensilent by passing clientID in scopes. But still the I am logged out after the idToken expires. I see that it doesn't get refreshed in the browser storage.

SO my question is, is there anyway I can renew the id Token and keep the user logged in? Any help will be great.

3
azure-active-directoryazure-ad-b2cmsalmsal.js

3 Answers

3
votes

The expiration time for ID tokens in Azure AD is 1 hour. As long as the user session with AAD is active, the acquireTokenSilent method will be able to renew the idtokens. However, if the AAD session is expired, the token renewal will result in a failure. You will need to handle the failure with an interactive call prompting user to sign in again.

You can read here for ways to extend the Signed in AAD session. Also, you have the option to configure the lifetime policy for id tokens as documented here.

1
votes

acquireTokenSilent(scopes: Array, authority?: string, user?: User, extraQueryParameters?: string): Promise - Used to get the token from cache. MSAL will return the cached token if it is not expired Or it will send a request to the STS to obtain an access token using a hidden iframe. To renew an idToken, the clientId should be passed as the only scope in the scopes array.

https://github.com/AzureAD/microsoft-authentication-library-for-js/wiki/Public-APIs

Any chance that when you try to refresh your token, you're actually retrieving it from the cache because it isn't expired yet?

0
votes

Unfortunately AAD does not support refreshing the ID token. Only the access token can be refreshed. See here: https://azure.microsoft.com/en-us/documentation/articles/active-directory-protocols-oauth-code/#refreshing-the-access-tokens. Besides, if you want to know more about token,please refer to the document.