Specify expiration time when requesting access token in microsoft login oauth2 v2.0
I am generating a JWT token by making a post to this URL to log in to Microsoft: https://login.microsoftonline.com/{{TENANT_ID}}/oauth2/v2.0/token I am doing some integration tests and I want to test the authentication of my API, for this I need to generate a token that lasts very little time, something like 5 minutes or less, and the defaults last 1 hour. I have not found information about this in the documentation.
I hope to be able to set an exact expiration time.
The minimum duration of Access Token Lifetime is 10minutes.
To configure accessTokenLifetimePolicy , you should have atleast Microsoft Entra ID P1 license.
Initially, I registered Microsoft Entra ID application, gave necessary API permission and granted admin consent like below:
Now, generated access token using client credential flow using below code snippet:
GET https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token
client_id=<app_id>
client_secret = <client_secret>
grant_type = client_credentials
scope= https://graph.microsoft.com/.default
After generating access token, I tried to configure AccesstokenLifeTimePolicy for 5 minutes using below code snippet but get error like below:
Authorization : Bearer token
Body : raw
POST https://graph.microsoft.com/v1.0/policies/tokenLifetimePolicies
{
"definition": [
"{\"TokenLifetimePolicy\":{\"Version\":1,\"AccessTokenLifetime\":\"00:05:00\"}}"
],
"displayName": "New token lifetime policy for application",
"isOrganizationDefault": false
}
Using same access token, I successfully configured AccesstokenLifeTimePolicy for 10 minutes using below code snippet :
Authorization : Bearer token
Body : raw
POST https://graph.microsoft.com/v1.0/policies/tokenLifetimePolicies
{
"definition": [
"{\"TokenLifetimePolicy\":{\"Version\":1,\"AccessTokenLifetime\":\"00:10:00\"}}"
],
"displayName": "New token lifetime policy",
"isOrganizationDefault": false
}
Now, assigning tokenLifetimePolicies to application using below parameters:
Authorization : Bearer Token
Body: raw
POST https://graph.microsoft.com/v1.0/servicePrincipals/<ServicePrincipalID/tokenLifetimePolicies/$ref
{
"@odata.id":"https://graph.microsoft.com/v1.0/policies/tokenLifetimePolicies/<policy-id>"
}
So, when I generated the access token with resource API scope of assigned application, it will give the access token having 10 minutes lifetime successfully as below:
Reference:
Minimum duration token lifetimes
Set lifetimes for tokens - Microsoft identity platform | Microsoft Learn
- Scope is not being added to Access Token returned from Azure Ad
- az cli : create container app via yaml fail due to parsing to json
- Display agents API ADO with SystemCapabilities filter
- Azure devops variables are not updating
- Azure DevOps Pipeline Throwing Error with Terraform While Deploying to Azure
- Azure AppService and SQL Server in Docker compose can't connect
- The required field 'nonce' is missing from the credential. Ensure that you have all the necessary parameters for the login request. [Azure Open ID]
- MongoDB - conditional uniqueness constraints on different "id" fields
- Retry delay on Function with Azure ServiceBus queue trigger
- Azure Static Web App: Add an header for each JS file
- How to configure Application Insights for sending telemetry from .net 4.8 application
- IServiceCollection does not contain a definition for AddAzureClients
- How to authenticate with Azure ACR from Azure container app service
- Azure Cli how to change subscription default
- Problem RDP to Azure Virtual Desktop through Azure Firewall
- az role assignment delete: The request did not have a subscription or a valid tenant level resource provider
- Azure PIM Role Settings for Owner role
- Graphclient ArgumentException: Only HTTP/1.0 and HTTP/1.1 version requests are currently supported. Parameter name: value
- Azure Static Web App ignoring config json sometimes
- How do I avoid "Couldn't find a metric" when creating a metric alert in Bicep
- Using Az.Websites module to set up user assigned managed identity to pull image from ACR
- resource not found with Azure OpenAI service
- Why I'm getting 404 Resource Not Found to my newly Azure OpenAI deployment?
- Azure Service Bus Topic - Using REST API to Send Message - Message going into Dead Letter Queue
- Azure Function App - No continuous deployment setting for "Flex Consumption" hosting plan?
- Azure Service Bus - REST API - Sending a message to a Session Enabled Topic/Subscription
- How are you supposed to install a Python library using azure webapp as template?
- Could not load file or assembly "System.Net.Http, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
- Search-AzQuery querying authorizationresources returns 0 records
- Azure APIM: Identifying the API resource id from the portal