• fr
  • Using OpenIdConnect with Azure AD, Angular5 and WebAPI Core: Token lifetime management

    This article is the continuation of the following article: Using OpenIdConnect with Azure AD, Angular5 and WebAPI Core: Azure AD configuration

    By default, tokens have a lifetime of 1h, we’ll see how to manage their lifetime.

    Download Azure Active Directory Powershell module

    Because there is no UI for tthis, we have to go with Powershell commands to manage our tokens and Microsoft’s session.

    Go to Powershell Gallery and download the module:

    Connect to your Azure account

    Connect-AzureAD -Confirm

    Then type your login / password in modal.

    Create a policy

    If you have not set a policy yet, you have to create one with the following command:

    New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{"Version":1, "AccessTokenLifetime":"03:00:00","MaxAgeSessionSingleFactor":"24:00:00"}}') -DisplayName "WebPolicyScenario" -IsOrganizationDefault $true -Type "TokenLifetimePolicy"

    AccessTokenLifetime is the duration in hours of the token with a minimum value of 10 minutes and a maximum value of 24 hours.

    MaxAgeSessionSingleFactor is the duration in hours and days of the Microsoft session with a minimum value of 10 minutes and a maximum value of Until-revoked (infinite)

    Get your policies

    If you want to manage your policies you need to display them then identify their Id:

    Get-AzureADPolicy

    Then you should see something like this:

    Modify your policies

    After identifying Id of the policy you want to modify, type the following command to modify the token lifetime policy and / or Microsoft session:

    Set-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{"Version":1, "AccessTokenLifetime":"02:00:00","MaxAgeSessionSingleFactor":"12:00:00"}}') -Id <ObjectId of Policy> -DisplayName "WebPolicyScenario" -IsOrganizationDefault $false
    

    Remove your policies

    You can also remove your policies if you wish:

    Remove-AzureADPolicy -Id <ObjectId of Policy>
    Let's get acquainted
    Want to learn more and/or collaborate with us?

    We can't wait to hear from you.