I'm struggling with a problem at one of my customers. An external web application is querying a RESTful service which is secured by ADFS 3.0 (Windows Server 2012 R2).
I configured a Relying Party Trust and created a client application with a redirect uri.
1. User initiates logon within external web app (Cyclr integration tool)
2. On ADFS login dialog, types email/password and ticks "keep me signed in"
3. External web app receives authorization code
4. Using the auth code, gets a set of OAuth tokens (access and refresh token)
5. When access token expires, gets a new access token by using refresh token
6. When refresh token is about to expire, external web app should get a new refresh token as well, but it doesn't
I found documentation regarding ADFS 4.0 (Windows server 2016) only:
According to it, a refresh_token_expires_in parameter should be received and the client (in this case the external web app) can get a new refresh token when the old one is about to expire. Now we don't receive any such parameter and can't get a new refresh token.
Is there a way to convince ADFS 3.0 to work as expected?
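The token bookkeeping the steps above describe, as an added example that is not part of the original post (not Cyclr's or ADFS's code): it tracks expiry from ADFS `/adfs/oauth2/token` responses, uses `refresh_token_expires_in` when the server sends it, and otherwise falls back to an assumed refresh-token lifetime (the value configured on the relying party trust; an assumption here) so the client can tell when a refresh is no longer possible and the user must be sent through the ADFS logon again.

```python
import json
from dataclasses import dataclass
from typing import Optional

# Added example, not from the question or from Cyclr/ADFS: tracks token
# expiry so the client knows when refreshing stops working and an
# interactive logon is needed instead.

@dataclass
class TokenState:
    access_token: str
    refresh_token: str
    access_expires_at: float             # epoch seconds
    refresh_expires_at: Optional[float]  # None if ADFS never told us

def update_from_response(body: str, now: float, previous: Optional[TokenState] = None,
                         assumed_refresh_lifetime: Optional[float] = None) -> TokenState:
    """Merge one token endpoint JSON response into the tracked state.

    ADFS 4.0 may send refresh_token_expires_in; the ADFS 3.0 responses in the
    question do not, so the caller may pass the lifetime configured on the
    relying party trust (an assumption, not something the server reports).
    A refresh response without a refresh_token keeps the old token and its
    expiry, i.e. no rotation happened."""
    resp = json.loads(body)
    state = TokenState(resp["access_token"], "", now + float(resp["expires_in"]), None)
    if "refresh_token" in resp:
        state.refresh_token = resp["refresh_token"]
        if "refresh_token_expires_in" in resp:
            state.refresh_expires_at = now + float(resp["refresh_token_expires_in"])
        elif assumed_refresh_lifetime is not None:
            state.refresh_expires_at = now + assumed_refresh_lifetime
    elif previous is not None:
        state.refresh_token = previous.refresh_token
        state.refresh_expires_at = previous.refresh_expires_at
    else:
        raise ValueError("no refresh token in response and no previous state")
    return state

def next_action(state: TokenState, now: float, margin: float = 300.0) -> str:
    """Return 'use_access', 'refresh', or 'reauthenticate'.

    'reauthenticate' means the refresh token is (nearly) expired and will not
    be rotated, so the user must go through the ADFS logon dialog again."""
    if now + margin < state.access_expires_at:
        return "use_access"
    if state.refresh_expires_at is not None and now + margin >= state.refresh_expires_at:
        return "reauthenticate"
    return "refresh"
```

When the refresh lifetime is unknown, `next_action` still returns `refresh`; the caller should treat an `invalid_grant` error from the token endpoint as the signal to re-authenticate.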