pythonazure-active-directoryauth0okta

from okta auth0 how can i increase the azure ad token validity?


I'm using Okta as the identity provider for user management and have integrated Azure AD with Auth0 for authentication. However, when i retrieve user information after authentication using this API of auth0

url = 'https://' + AUTH0_DOMAIN + '/api/v2/users/' + user_id

I notice that the providers access token remains the same each time I call the API. Is there a way to get different token. If not, then how can i increase the expiry time of provider access token as My auth0 expiry time is 72hr and azure ad is 1hr.

I have used this but it didn't help me : https://learn.microsoft.com/en-us/entra/identity-platform/configure-token-lifetimes#create-a-policy-and-assign-it-to-a-service-principal


Solution

  • To increase the token lifetime of the Azure AD access token, you can make use of Microsoft Graph Explorer or PowerShell:

    POST https://graph.microsoft.com/v1.0/policies/tokenLifetimePolicies
    Content-type: application/json
    
    {
        "definition": [
            "{\"TokenLifetimePolicy\":{\"Version\":1,\"AccessTokenLifetime\":\"23:59:59\"}}"
        ],
        "displayName": "token lifetime policy",
        "isOrganizationDefault": true
    }
    

    enter image description here

    For sample, I generated access token and the token lifetime is 24 hours:

    https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
    
    client_id:ClientID
    client_secret:ClientSecret
    grant_type:client_credentials
    scope:https://graph.microsoft.com/.default
    

    enter image description here

    Note that: The Azure AD access token lifetime can be set withing 10 mins to 24 hours.