Tags: python, azure-active-directory, auth0, okta

From Okta/Auth0, how can I increase the Azure AD token validity?


I'm using Okta as the identity provider for user management and have integrated Azure AD with Auth0 for authentication. However, when I retrieve user information after authentication using this Auth0 API

    url = 'https://' + AUTH0_DOMAIN + '/api/v2/users/' + user_id

I notice that the provider's access token remains the same each time I call the API. Is there a way to get a different token? If not, how can I increase the expiry time of the provider access token? My Auth0 expiry time is 72 hr and Azure AD's is 1 hr.

I have used this but it didn't help me: https://learn.microsoft.com/en-us/entra/identity-platform/configure-token-lifetimes#create-a-policy-and-assign-it-to-a-service-principal


Solution

  • To increase the token lifetime of the Azure AD access token, you can make use of Microsoft Graph Explorer or PowerShell:

    POST https://graph.microsoft.com/v1.0/policies/tokenLifetimePolicies
    Content-type: application/json
    
    {
        "definition": [
            "{\"TokenLifetimePolicy\":{\"Version\":1,\"AccessTokenLifetime\":\"23:59:59\"}}"
        ],
        "displayName": "token lifetime policy",
        "isOrganizationDefault": true
    }
    


    As a sample, I generated an access token and its lifetime is 24 hours:

    https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
    
    client_id:ClientID
    client_secret:ClientSecret
    grant_type:client_credentials
    scope:https://graph.microsoft.com/.default
    


    Note that the Azure AD access token lifetime can be set within 10 minutes to 24 hours.

    • You can assign the token lifetime policy to a Service Principal instead of the whole organization. See this MsDoc.
    • You can also make use of the PowerShell script below instead of Microsoft Graph Explorer. Refer to this MsDoc.
    • Make sure the Policy.ReadWrite.ApplicationConfiguration permission is consented to perform the action.
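As an added example (not code from the question or the answer above), the Python helper below builds the same tokenLifetimePolicy body, rejecting any lifetime outside the 10-minute to 24-hour range the answer mentions, and reads exp minus iat from a token so you can confirm the lifetime that was actually issued after the policy is assigned; the sample JWT is constructed here and unsigned.

```python
import base64
import json
from datetime import timedelta

# Entra ID accepts access-token lifetimes between 10 minutes and 24 hours (per the answer).
MIN_LIFETIME = timedelta(minutes=10)
MAX_LIFETIME = timedelta(hours=24)


def parse_hms(value: str) -> timedelta:
    """Parse the policy's 'HH:MM:SS' lifetime string into a timedelta."""
    hours, minutes, seconds = (int(part) for part in value.split(":"))
    return timedelta(hours=hours, minutes=minutes, seconds=seconds)


def build_token_lifetime_policy(lifetime: str, display_name: str = "token lifetime policy",
                                org_default: bool = False) -> dict:
    """Body for POST /v1.0/policies/tokenLifetimePolicies, range-checked locally.

    org_default defaults to False: assigning the policy to one service principal
    is less risky than changing the whole tenant's default.
    """
    td = parse_hms(lifetime)
    if not MIN_LIFETIME <= td <= MAX_LIFETIME:
        raise ValueError(f"AccessTokenLifetime {lifetime} is outside 00:10:00..24:00:00")
    definition = {"TokenLifetimePolicy": {"Version": 1, "AccessTokenLifetime": lifetime}}
    return {
        # Graph expects the policy definition as a JSON *string* inside a list.
        "definition": [json.dumps(definition, separators=(",", ":"))],
        "displayName": display_name,
        "isOrganizationDefault": org_default,
    }


def access_token_lifetime(jwt: str) -> timedelta:
    """Return exp - iat from a JWT payload to confirm the lifetime that was issued.

    The signature is NOT verified: this checks the policy's effect, it does not
    establish trust in the token.
    """
    payload_b64 = jwt.split(".")[1]
    payload_b64 += "=" * (-len(payload_b64) % 4)  # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload_b64))
    return timedelta(seconds=claims["exp"] - claims["iat"])


# Constructed sample token (unsigned 'alg: none', fake claims) issued for 24 hours.
_header = base64.urlsafe_b64encode(b'{"alg":"none","typ":"JWT"}').rstrip(b"=").decode()
_payload = base64.urlsafe_b64encode(b'{"iat":1700000000,"exp":1700086400}').rstrip(b"=").decode()
SAMPLE_JWT = f"{_header}.{_payload}."
```

Send the returned dict as the JSON body of the POST shown in the answer, then decode a freshly issued token with access_token_lifetime to verify the new lifetime took effect.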