Summary
You cannot use ADAL to configure the expiration time of tokens. ADAL is an authentication library that helps you interact with the token service, but you can set the token lifetime configuration on your Service Principal, Application, or Tenant.
You'll need to use Powershell to create a policy describing the behavior you want, and link it to your service principal, tenant, or application. Keep in mind, if you're building a multi-tenant app, the owner of the tenant can overwrite your policy.
tl;dr: Don't rely on the token lifetime in your app as it can change at any time.
Create and set the Token Lifetime Policy
You can set these properties using Azure AD Powershell Commands. Then run the following commands to set an access token lifetime:
- Sign in to Powershell.
Connect-AzureAD -Confirm
- Create a new policy to set the Access Token lifetime to 2 hours. You can change this to be between 10 minutes and 1 day.
New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"02:00:00","MaxAgeSessionSingleFactor":"02:00:00"}}') -DisplayName "WebPolicyScenario" -IsOrganizationDefault $false -Type "TokenLifetimePolicy"
- Get the policy's ObjectId.
Get-AzureAdPolicy
- Link the new policy to your application. You can get the objectId of your app using the GraphExplorer.
Add-AzureADApplicationPolicy -Id <ObjectId of the Application> -RefObjectId <ObjectId of the Policy>
For more examples and the full documentation, check out Azure AD Configurable Token Lifetime.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
