Complete the steps in Get started with custom policies in Active Directory B2C.

You can configure the token lifetime, including:

- Access and ID token lifetimes (minutes) - The lifetime of the OAuth 2.0 bearer token and ID tokens. The maximum (inclusive) is 1,440 minutes (24 hours).
- Refresh token lifetime (days) - The maximum time period before which a refresh token can be used to acquire a new access token, if your application had been granted the offline_access scope.
- Refresh token sliding window lifetime - The refresh token sliding window type. Bounded indicates that the refresh token can be extended as specified in the Lifetime length (days). No expiry indicates that the refresh token sliding window lifetime never expires.
- Lifetime length (days) - After this time period elapses the user is forced to reauthenticate, irrespective of the validity period of the most recent refresh token acquired by the application. The value must be greater than or equal to the Refresh token lifetime value.

The following diagram shows the refresh token sliding window lifetime behavior.

To change the settings on your token compatibility, you set the Token Issuer technical profile metadata in the extension, or the relying party file of the policy you want to impact. The token issuer technical profile looks like the following example:

The following values are set in the previous example:

- token_lifetime_secs - Access token lifetimes (seconds).
- id_token_lifetime_secs - ID token lifetimes (seconds).
- refresh_token_lifetime_secs - Refresh token lifetimes (seconds).
- rolling_refresh_token_lifetime_secs - Refresh token sliding window lifetime (seconds). If you don't want to enforce a sliding window lifetime, set the value of allow_infinite_rolling_refresh_token to true.
- allow_infinite_rolling_refresh_token - Refresh token sliding window lifetime never expires.

You can configure the token compatibility, including:

- Issuer (iss) claim - The access and ID token issuer format.
- Subject (sub) claim - The principal about which the token asserts information, such as the user of an application. This value is immutable and cannot be reassigned or reused. It can be used to perform authorization checks safely, such as when the token is used to access a resource. By default, the subject claim is populated with the object ID of the user in the directory.
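As an added example (not code from the original page or from the Azure AD B2C documentation), the following Python check reads the token issuer metadata keys named on this page from a policy fragment and reports values that break the limits the page states. The sample XML, its values, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Page: access/ID token lifetime maximum (inclusive) is 1,440 minutes.
MAX_ACCESS_ID_SECS = 1440 * 60

# Constructed sample: token issuer technical profile fragment, illustrative values.
SAMPLE_POLICY = """
<TechnicalProfile Id="JwtIssuer">
  <Metadata>
    <Item Key="token_lifetime_secs">172800</Item>
    <Item Key="id_token_lifetime_secs">3600</Item>
    <Item Key="refresh_token_lifetime_secs">1209600</Item>
    <Item Key="rolling_refresh_token_lifetime_secs">604800</Item>
    <Item Key="allow_infinite_rolling_refresh_token">true</Item>
  </Metadata>
</TechnicalProfile>
"""

def read_metadata(xml_text):
    """Collect Metadata Item key/value pairs, ignoring any XML namespace."""
    items = {}
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] == "Item" and el.get("Key"):
            items[el.get("Key")] = (el.text or "").strip()
    return items

def check_token_settings(xml_text):
    """Return findings for the lifetime rules stated on this page."""
    md = read_metadata(xml_text)
    findings = []
    for key in ("token_lifetime_secs", "id_token_lifetime_secs"):
        if key in md and int(md[key]) > MAX_ACCESS_ID_SECS:
            findings.append(f"{key}={md[key]} exceeds the 24 hour maximum")
    # With no sliding window expiry, the forced reauthentication never happens.
    if md.get("allow_infinite_rolling_refresh_token", "").lower() == "true":
        findings.append("allow_infinite_rolling_refresh_token=true: "
                        "sliding window never expires")
    refresh = md.get("refresh_token_lifetime_secs")
    rolling = md.get("rolling_refresh_token_lifetime_secs")
    # Sliding window length must be >= the refresh token lifetime.
    if refresh and rolling and int(rolling) < int(refresh):
        findings.append(f"rolling_refresh_token_lifetime_secs={rolling} is below "
                        f"refresh_token_lifetime_secs={refresh}")
    return findings

if __name__ == "__main__":
    for finding in check_token_settings(SAMPLE_POLICY):
        print("FINDING:", finding)
```
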