-
Notifications
You must be signed in to change notification settings - Fork 210
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GraphServiceClient token expiration on EasyAuth App Service with session lifetime cookie #2880
Comments
Were you able to find a solution for this? I am running into the same issue |
No. I hope to get an answer from Microsoft here.. |
No answer yet on this? it also happens if you create a web app, in my case, I'm having an error similar to this when using asp OWIN in MVC .Net Framework app. I thought Identity.Web would handle refresh tokens by itself. |
@mwiedemeyer If you have Easy Auth enabled, it is maintaining the state, so you would need to reach out to them. If you want Id Web to handle this, then you would disable Easy Auth. You would provide the app ID and certs created from Easy Auth in the appsettings.json and disable Easy Auth in the portal. |
Microsoft.Identity.Web Library
Microsoft.Identity.Web
Microsoft.Identity.Web version
2.19.0
Web app
Sign-in users
Web API
Protected web APIs call downstream web APIs
Token cache serialization
In-memory caches
Description
I'm using Azure App Service EasyAuth and
Microsoft.Identity.Web
andMicrosoft.Identity.Web.GraphServiceClient
with the following code in a Blazor 8 SSR web app:The issue here is, that the user is logged in even after 1h, because of the "session" lifetime of the App Service auth cookie
AppServiceAuthSession
. However, the injectedGraphServiceClient
looses access after 1h because the token expires.Here is the detailed explanation from March without an answer.
Reproduction steps
Program.cs
:MyCustomGraphService.cs
:TestUser
method with a button click. Then wait >1h and test againError message
Message: Lifetime validation failed, the token is expired.
Id Web logs
No response
Relevant code snippets
Regression
No response
Expected behavior
Not sure, how this should work. However I want to work with the web app even after 1h without restarting my browser.
The text was updated successfully, but these errors were encountered: