B2C token still valid after the exp time #6229
Labels
answered
Question has received "first qualified response"
b2c
Related to Azure B2C library-specific issues
msal-browser
Related to msal-browser package
msal-react
Related to @azure/msal-react
public-client
Issues regarding PublicClientApplications
question
Customer is asking for a clarification, use case or information.
Core Library
MSAL.js (@azure/msal-browser)
Core Library Version
2.37.1
Wrapper Library
MSAL React (@azure/msal-react)
Wrapper Library Version
1.5.8
Public or Confidential Client?
Public
Description
I have my reactJS SPA and I have my web api hosted in an Azure VM. I put APIM in front of the VM and the APIM validates token against B2C for authorization.
In the B2C User Flow, I have set the token lifetime to 5 minutes;
In the SPA, when I first log in, it works well and I can make calls to the web APIs with no problem. However, even though I set the token lifetime to 5 minutes, it is still valid after the
exp
time; It only becomes invalid after around 10 minutes; So weird;This behavior looks very much like a bug on Azure's side.
Any ideas?
MSAL Configuration
Identity Provider
Azure B2C Basic Policy
Source
Internal (Microsoft)
The text was updated successfully, but these errors were encountered: