FerencSzab-4432 asked amanpreetsingh-msft answered

AD B2C SSO Session lifetime

We have an MSAL.js client and B2C as identity provider. According to this doc, since PKCE is used, the maximum refresh token is 24 hours: https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/token-lifetimes.md#refresh-tokens
Even if we redeem the token, the new token also shares the same expiration time.
To keep the user logged in, we can silently log them in, but the maximum session time is 24 hours (SessionExpiryInSeconds in https://docs.microsoft.com/en-us/azure/active-directory-b2c/relyingparty#userjourneybehaviors).
If we don't want to prompt the user for login after 24 hours of inactivity, we need "Keep me signed in" enabled in our custom policy.

Can you confirm that this is the only way to keep the user logged in even after 24 hours of inactivity?

Thank you!

azure-ad-b2c

Also, is there a way to set the Keep Me Signed In checkbox checked by default?


1 Answer

amanpreetsingh-msft answered

Hi @FerencSzab-4432, thank you for reaching out.

Yes, as the 24-hour time is a non-adjustable, non-sliding window, the only option available is to use "Keep me signed in". In order to set the KMSI checkbox checked by default, you need to use JavaScript as there is no option available for this purpose in B2C user flow or custom policy.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
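
An added illustration of the JavaScript approach mentioned in the answer above (not code from the answer or from Microsoft): a script for the custom page template that ticks the KMSI checkbox once the sign-in form has rendered. It assumes JavaScript is enabled for the policy and that the checkbox has the id `rememberMe`; that id and the helper names are assumptions to confirm against your own rendered page.

```javascript
// Added example, not code from the original answer.
// Assumption: the KMSI checkbox on the B2C sign-in page has id "rememberMe";
// confirm this against the rendered HTML of your own page layout.
const KMSI_CHECKBOX_ID = "rememberMe";

// Tick the checkbox if it is present. Returns true once it has been handled.
function preselectKmsi(doc, id = KMSI_CHECKBOX_ID) {
  const box = doc.getElementById(id);
  // Not rendered yet, KMSI not enabled in the policy, or the id matched something else.
  if (!box || box.type !== "checkbox") return false;
  box.checked = true; // the user can still untick it before submitting
  return true;
}

// B2C injects the sign-in form into the custom page template, so the checkbox
// may not exist when this script first runs. Try once, then watch the DOM.
// ObserverCtor is passed in (MutationObserver in a browser) so the logic can
// be exercised outside a browser as well.
function preselectKmsiWhenReady(doc, ObserverCtor, timeoutMs = 10000) {
  if (preselectKmsi(doc)) return null; // already handled, nothing to watch
  const observer = new ObserverCtor(() => {
    if (preselectKmsi(doc)) observer.disconnect();
  });
  observer.observe(doc.documentElement, { childList: true, subtree: true });
  // Stop watching after a while so pages without KMSI do not keep an observer alive.
  setTimeout(() => observer.disconnect(), timeoutMs);
  return observer;
}

// Run only in a browser; the guard keeps the file loadable elsewhere.
if (typeof document !== "undefined" && typeof MutationObserver !== "undefined") {
  preselectKmsiWhenReady(document, MutationObserver);
}
```
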
