question

LaszloPenzes-0893 avatar image
0 Votes"
LaszloPenzes-0893 asked ·

ADFS 3.0 OAuth refresh token expiration

Hi,

I'm struggling with a problem at one of my customers. An external web application is querying a RESTful service which is secured by ADFS 3.0 (Windows Server 2012 R2).

I configured a Relying Party Trust and created a client application with a redirect uri.

  • User initiates logon within external web app (Cyclr integration tool)

  • On ADFS login dialog, types email/password and ticks "keep me signed in"

  • External web app receives authorization code

  • Using the auth code, gets a set of OAuth tokens (access and refresh token)

  • When access token expires, gets a new access token by using refresh token

  • When refresh token is about to expire, external web app should get a new refresh token as well, but it doesn't

I found documentation regarding ADFS 4.0 (Windows server 2016) only:
https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-openid-connect-oauth-flows-scenarios

According to it, a refresh_token_expires_in parameter should be received and the client (int this case external web app) can get a new refresh token when the old one is about to expire. Now we don't receive any such parameter and can't get a new refresh token.

Is there a way to convince ADFS 3.0 to work as expected?

Thank you,
Laszlo

adfs
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

0 Answers