Token expiration #46
Comments
It is true that we did not even mention the "token expiration", "token refresh" or "token cache" concepts in this web app sample's README. We hope our sample can just do all the right things out of the box, so that our customers do not have to. The way this sample is currently organized, the tokens would be persisted inside the token cache, which in turn is persisted inside a session; tokens are automatically reused, and refreshed when necessary. Feel free to ask whatever question you want to know. We'd love to see your usage and scenario, and see what we can do.
It seems to me that if, for example, you had a session with a 30-day expiration, then you actually wouldn't execute any of the msal code during that 30-day period (unless the user manually logged out). So in that scenario it seems that the token expiration would not be honored at all. I'm referring to this line: https://github.com/Azure-Samples/ms-identity-python-webapp/blob/master/app.py#L22 It seems that there needs to be something that checks tokens periodically so that the token reuse and refresh has a chance to execute.
If I misunderstood your question, please help rephrase your question in the following form so that we know what exactly you want. "Repro steps 1... 2... 3... And then I observe XYZ but I expect ABC".
Thanks, Ray. My scenario is user sign in. I understand your description under both bullet points. What it sounds like is that I'll just have to let our AD administrators and developers know how this works. The session expiration is separate from the token expiration, and therefore revoking a user's access to my web app could not necessarily be accomplished solely through AD.
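The gap discussed in this thread, as an added example that is not part of the original comments or of the sample's code: a 30-day session that is trusted on its own, compared with a gate that also attempts a token refresh once the cached token has expired. `FakeIdP`, the two check functions, the one-hour token lifetime and the user names are all constructed for illustration; no MSAL call is made.

```python
TOKEN_LIFETIME = 3600            # assumed access-token lifetime, in seconds
SESSION_LIFETIME = 30 * 86400    # the 30-day session from the thread


class FakeIdP:
    """Constructed stand-in for the identity provider's token endpoint."""
    def __init__(self):
        self.revoked = set()

    def refresh(self, user, now):
        # A revoked user gets no new token; anyone else gets a fresh expiry.
        if user in self.revoked:
            return None
        return {"user": user, "expires_at": now + TOKEN_LIFETIME}


def login(idp, user, now):
    """Create the session at sign-in: user identity plus the cached token."""
    return {"user": user, "session_expires_at": now + SESSION_LIFETIME,
            "token": idp.refresh(user, now)}


def session_only_check(session, now):
    """Gate that trusts the session alone and never looks at the token."""
    return bool(session.get("user")) and now < session["session_expires_at"]


def token_aware_check(session, idp, now):
    """Gate that also requires a valid token, refreshing it once expired."""
    if not session_only_check(session, now):
        return False
    token = session.get("token")
    if token is None or now >= token["expires_at"]:
        token = idp.refresh(session["user"], now)   # silent refresh attempt
        if token is None:                           # refresh refused: end the session
            session.clear()
            return False
        session["token"] = token
    return True


def demo():
    idp, t0 = FakeIdP(), 1_700_000_000              # constructed timestamp
    s1, s2 = login(idp, "alice", t0), login(idp, "alice", t0)
    idp.revoked.add("alice")                        # admin disables the account
    later = t0 + 2 * 86400                          # two days on, session still live
    return session_only_check(s1, later), token_aware_check(s2, idp, later)


if __name__ == "__main__":
    print(demo())
```

In this model the token-aware gate still admits a revoked user until the cached token expires, so the revocation delay shrinks from the session lifetime to the token lifetime rather than to zero.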
PR #49
It's not clear to me that the token expiration is reconciled with the token cache. As I understand it, msal can handle token refresh, but it seems that if we just hit the cache