Azure AD B2C OpenID Connect Refresh token

Question

I followed this example https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-devquickstarts-web-dotnet-susi from the Azure AD B2C documentation page

Answer 1

From the article you linked, I understand that you are trying to add sign in to you app. If signing in is your only goal, then you would not require to use the access_token. The code related to acquiring an access token is not necessary until you want to call an API/service using the access token. For the purpose of sign in the id_token should be sufficient.

Having said that, the id_token also has the one hour lifetime. To extend the session, you have a couple of options:

1. The easy option is to separate the application session lifetime from the token lifetime. You can do this by passing UseTokenLifetime = false to the OpenIdConnectAuthenticationOptions in the middleware.
2. You can associate your session lifetime with the Azure AD session lifetime. This would involve adding logic to renew your app's session by making a sign in request to Azure AD from a hidden iframe.

You can read more about these approaches and the trade offs in this blog post.

Answer 2

IIRC there is no option available to auto renew from the library it self but there are multiple options you can adopt to achieve that... Simple one is from JavaScript

1. Put a timeout function in JS and make that trigger before token going to expire. You can get that from token expiration time.
2. Trigger MVC action / REST API method from JS and get new accestoken from B2C and update accestoken with new one.

Answer 3

The MSAL library (which is being used to exchange the code for the token in the sample) automatically calls the Azure AD B2C endpoint to exchange the refresh_token for a new access_token. You shouldn't need to deal with it.