In our application we are using Azure AD OpenIdConnectAuthentication to sign in, which redirects to "https://login.microsoftonline.com/" when calling our application.
I think for some reason refresh tokens are not being generated in our single page application, forcing the user to sign out after 1 hour because of the access token (which expires in 1 hour).
I've read too many blogs but I can't get my answers. Any suggestion is much appreciated.
Here is my code:
    // Namespaces needed by this snippet (not shown in the original):
    // Microsoft.Owin.Security.OpenIdConnect, Microsoft.IdentityModel.Clients.ActiveDirectory,
    // System.Threading.Tasks, System.Web
    app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = Authority,
            PostLogoutRedirectUri = postLogoutRedirectUri,
            Notifications = new OpenIdConnectAuthenticationNotifications()
            {
                // Runs once Azure AD has redirected back with an authorization code
                AuthorizationCodeReceived = (context) =>
                {
                    var code = context.Code;
                    ClientCredential credential = new ClientCredential(clientId, appKey);
                    string userObjectID = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
                    // Per-user token cache keyed on the user's object id
                    AuthenticationContext authContext = new AuthenticationContext(Authority, new CustomTokenCache(userObjectID));
                    // Getting the tokens from the line below (access token with expiry time)
                    AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, graphResourceId);
                    return Task.FromResult(0);
                },
                AuthenticationFailed = context =>
                {
                    // Suppress the default error page and send the user back to the root
                    context.HandleResponse();
                    context.Response.Redirect("/");
                    return Task.FromResult(0);
                }
            }
        });
We usually acquire the token via the implicit flow instead of the authorization code grant flow for a SPA application.
The token is returned from the authorization endpoint directly instead of from the token endpoint. We can enable it by modifying the app's manifest oauth2AllowImplicitFlow property to true to enable the implicit flow.
To renew the access token when it has expired in the implicit flow, we can perform a hidden iframe request and add the prompt parameter with its value set to none, so that users are not required to enter their credentials again.
To develop easily, we can use the ADAL library provided by Microsoft for SPA applications. We can renew the token via the AuthenticationContext.prototype._renewToken method.
For more detail about the implicit flow, you may refer to the links below:
Authentication Scenarios for Azure AD -(Single Page Application (SPA) section)
Understanding the OAuth2 implicit grant flow in Azure Active Directory (AD)
v2.0 Protocols - SPAs using the implicit flow