
What is the expiry time of refresh token issued by Microsoft Azure OAuth2.0?


What is the expiry time of the refresh_token issued by Azure OAuth2.0 using the following link:

POST /{tenant}/oauth2/v2.0/token HTTP/1.1
Host: login.microsoftonline.com

Sample response:

{
    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1Q...",
    "token_type": "Bearer",
    "expires_in": 3599,
    "scope": "https%3A%2F%2Fgraph.microsoft.com%2Fmail.read",
    "refresh_token": "AwABAAAAvPM1KaPlrEqdFSBzjqfTGAMxZGUTdM0t4B4...",
    "id_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJhdWQiOiIyZDRkMTFhMi1mODE0LTQ2YTctOD..."
}

Solution

  • This is described in the documentation for v2: https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-tokens#token-lifetimes

    For Azure AD users, 14 days; for personal accounts, 1 year.

    But of course, if you get a new token with the refresh token, you also get a new refresh token there.

    But also, as the docs say, you must not rely on these. Refresh tokens can become invalid for various reasons, for example if the user's password is reset.
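As an added example (not code from the question or the answer), a small Python client that follows the answer's advice: each time it renews the access token at the v2.0 token endpoint it keeps only the refresh token returned in that response, and it treats an `invalid_grant` response (the case after a password reset or other revocation) as a signal to re-authenticate rather than retry. The client id, tenant, token values and `fake_token_endpoint` are constructed assumptions so the example runs offline; the response shape is the one shown in the question.

```python
import json, time, urllib.error, urllib.parse, urllib.request

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"

class RefreshTokenInvalid(Exception):
    """The endpoint rejected the refresh token (invalid_grant): the user must sign in again."""

def http_post(url, form):
    """POST a form to the token endpoint and return (status, parsed JSON body)."""
    req = urllib.request.Request(url, data=urllib.parse.urlencode(form).encode(), method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, json.loads(resp.read())
    except urllib.error.HTTPError as err:  # a 400 invalid_grant response lands here
        return err.code, json.loads(err.read())

def fake_token_endpoint(url, form):
    """Constructed offline stand-in: 'rt-revoked' is rejected like a revoked token; 'rt-N' rotates to 'rt-N+1'."""
    if form.get("grant_type") != "refresh_token" or form["refresh_token"] == "rt-revoked":
        return 400, {"error": "invalid_grant", "error_description": "constructed: revoked"}
    n = int(form["refresh_token"].split("-")[1]) + 1
    return 200, {"access_token": f"at-{n}", "token_type": "Bearer",
                 "expires_in": 3599, "refresh_token": f"rt-{n}"}

class TokenStore:
    def __init__(self, client_id, tenant, refresh_token, scope, post=http_post):
        self.client_id, self.scope, self.post = client_id, scope, post
        self.url = TOKEN_URL.format(tenant=tenant)
        self.refresh_token, self.access_token, self.expires_at = refresh_token, None, 0.0

    def refresh(self, now):
        status, body = self.post(self.url, {"client_id": self.client_id, "scope": self.scope,
                                 "grant_type": "refresh_token", "refresh_token": self.refresh_token})
        if status != 200:
            if body.get("error") == "invalid_grant":
                self.refresh_token = None  # dead token: never retry it, re-authenticate instead
                raise RefreshTokenInvalid(body.get("error_description", ""))
            raise RuntimeError(f"token endpoint returned {status}: {body.get('error')}")
        self.access_token = body["access_token"]
        self.expires_at = now + int(body["expires_in"]) - 60  # renew 60 s before expiry
        # Rotation: the response carries a new refresh token that supersedes the old one.
        self.refresh_token = body.get("refresh_token", self.refresh_token)
        return self.access_token

    def get_access_token(self, now=None):
        now = time.time() if now is None else now
        if self.access_token and now < self.expires_at:
            return self.access_token
        return self.refresh(now)
```

Pass `post=http_post` (the default) with a real tenant, client id and refresh token to talk to the live endpoint; the fake endpoint exists only to exercise the rotation and revocation paths offline.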