question

TonyRR-6584 asked alfredorevilla-msft commented

Azure B2C Custom Policy OAuth2 bearer authentication with cached access token that expires every 1 hour

I would like confirmation that this setup is possible, and direction on achieving the following:

Azure B2C Custom Policy OAuth2 bearer authentication with token that expires every 1 hour

Steps which would be part of the Custom Policy Orchestration steps:
1. If no access token has been retrieved or it has expired (tokens are valid for only 1 hr), then the Custom Policy retrieves an access token from a federated identity provider
a. Requires logging in, then retrieving the access token (two different RESTful API calls)
b. Store the access token with a validity of 1 hr
2. The access token is used to access an external API that verifies its validity

My question is specifically in regard to this caching mechanism, since this flow fits the static bearer token described here: https://docs.microsoft.com/en-us/azure/active-directory-b2c/secure-rest-api?tabs=windows&pivots=b2c-custom-policy#using-a-static-oauth2-bearer

Except the access token value would need to be set dynamically every 55 minutes.

Thank you

-Tony RR

azure-ad-b2c

Hello @tonyrr-6584, do you need additional assistance? Was the provided answer helpful? If it was, please remember to accept it so that others in the community with similar questions can more easily find a solution.


1 Answer

alfredorevilla-msft answered

Hello @tonyrr-6584, Azure AD B2C cannot validate the expiration timestamp for an access token stored as a secret nor handle it inside a Custom Policy.

Regarding the stored access token, you can replace the whole keyset or upload a new access token using the Update trustFrameworkKeySet or trustFrameworkKeySet: uploadSecret operations, respectively, after 55 minutes have passed.

Please let us know if you need additional assistance.
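The rotation described in the answer, as an added example that is not part of the original thread or Microsoft's own code: a scheduled job running outside B2C tracks the upload time itself and re-uploads the token through the Microsoft Graph `uploadSecret` operation once 55 minutes have passed. The keyset name, the `fetch_bearer` callable, the `enc` key usage and the already-acquired Graph token are assumptions.

```python
import json
import urllib.request

GRAPH_BETA = "https://graph.microsoft.com/beta"
ROTATE_AFTER = 55 * 60  # seconds: the token lives 60 minutes, rotate at 55


def needs_rotation(uploaded_at, now):
    """True when nothing was uploaded yet or the last upload is 55+ minutes old."""
    return uploaded_at is None or now - uploaded_at >= ROTATE_AFTER


def build_upload_request(keyset_id, graph_token, bearer_token):
    """Build the trustFrameworkKeySet: uploadSecret call without sending it."""
    # Assumption: "enc" key usage, and only "use" and "k" in the request body.
    body = json.dumps({"use": "enc", "k": bearer_token}).encode()
    return urllib.request.Request(
        f"{GRAPH_BETA}/trustFramework/keySets/{keyset_id}/uploadSecret",
        data=body,
        method="POST",
        headers={"Authorization": f"Bearer {graph_token}",
                 "Content-Type": "application/json"},
    )


def rotate_if_due(state, now, fetch_bearer, graph_token,
                  send=urllib.request.urlopen):
    """Upload a fresh token when due; return True if a secret was uploaded.

    state is {"keyset_id": ..., "uploaded_at": epoch seconds or None}.
    fetch_bearer is a hypothetical callable that performs the provider login
    and token retrieval (the two REST calls from the question).
    send performs the HTTP call and must raise on failure.
    """
    if not needs_rotation(state.get("uploaded_at"), now):
        return False
    request = build_upload_request(state["keyset_id"], graph_token, fetch_bearer())
    send(request)               # raises on error, so the state stays stale
    state["uploaded_at"] = now  # record only after a successful upload
    return True


if __name__ == "__main__":
    # Constructed dry run: the stub "send" prints the URL instead of calling Graph.
    demo = {"keyset_id": "B2C_1A_RestApiBearerToken", "uploaded_at": None}
    rotate_if_due(demo, 0, lambda: "constructed-token", "constructed-graph-token",
                  send=lambda r: print(r.get_method(), r.full_url))
```

Because the upload time is recorded only after `send` returns, a failed upload is retried on the next scheduled run instead of leaving an expired token in the keyset for another 55 minutes.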
