I encountered a weird problem.
I have no problem logging into ADAL
WITH
authContext.acquireTokenWithResource(resourceUrl, clientId: clientId, redirectUri: redirectUri, promptBehavior: AD_PROMPT_ALWAYS, userId: nil, extraQueryParameters: "nux=1&login_hint=desmondkoh@")
AND
authContext.acquireTokenSilentWithResource(resourceUrl, clientId: clientId, redirectUri: redirectUri)
BUT
say a user changed their password, I can still log in via acquireTokenSilentWithResource
So my question is: how long does it take for the access token in the cache to expire on iOS when a user has changed their password?
Cheers
Des
It can take up to an hour for a password change to force a user to re-authenticate in a particular application.
A password change does not invalidate any access tokens. All the access tokens have a specific expiry time, usually one hour for AAD tokens, and they will remain valid until that expiry time has been reached. Once the access token expires, the next acquireToken request will cause ADAL to attempt to exchange the refresh token for a new access token at AAD. It is at this time that a failure can occur if the user has changed their password. The AAD service will notice that the user associated with the refresh token has changed their password and reject the request to silently acquire a new access token.
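
The timeline described in the answer above, as an added example that is not part of the original thread and is not ADAL or AAD code. It is a simplified model: the Authority and TokenCache classes, their method names and the result strings are hypothetical, and the one-hour lifetime is the "usually one hour" figure from the answer.

```python
ACCESS_TOKEN_LIFETIME = 3600  # seconds; "usually one hour" per the answer above

class InteractionRequired(Exception):
    """Silent acquisition failed; the user has to sign in interactively again."""

class Authority:
    """Hypothetical stand-in for the token service (not the real AAD endpoint)."""
    def __init__(self):
        self.password_changed_at = None

    def sign_in(self, now):
        # Interactive sign-in: returns (access token expiry, refresh token issue time).
        return now + ACCESS_TOKEN_LIFETIME, now

    def redeem_refresh_token(self, issued_at, now):
        # The only point where the service gets to notice the password change.
        changed = self.password_changed_at
        if changed is not None and changed > issued_at:
            raise InteractionRequired("password changed after refresh token was issued")
        return now + ACCESS_TOKEN_LIFETIME

class TokenCache:
    """Hypothetical stand-in for the client-side cache behind silent acquisition."""
    def __init__(self, authority, now):
        self.authority = authority
        self.expires_at, self.rt_issued_at = authority.sign_in(now)

    def acquire_token_silent(self, now):
        if now < self.expires_at:
            return "cache"  # served locally, the service is never contacted
        self.expires_at = self.authority.redeem_refresh_token(self.rt_issued_at, now)
        return "refreshed"

def silent_results(change_at, probes):
    """Sign in at t=0, change the password at change_at, call silent at each probe time."""
    aad = Authority()
    cache = TokenCache(aad, now=0)
    results = []
    for t in probes:
        if t >= change_at:
            aad.password_changed_at = change_at
        try:
            results.append(cache.acquire_token_silent(t))
        except InteractionRequired:
            results.append("interaction_required")
    return results

if __name__ == "__main__":
    # Constructed timeline: password changed 10 minutes after sign-in.
    print(silent_results(600, [300, 900, 3599, 3600, 4000]))
```

In this model the cached access token keeps working for the rest of its lifetime after the password change, and the first silent call after expiry is where re-authentication is forced.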