September 3, 2020
Increasing Azure AD Access Token Lifetimes
By default, Azure AD access tokens have a lifetime of 1 hour. This is very inconvenient, especially for single-page apps: users have to log in again every hour. Ideally, that is just one redirect to the Azure AD login, where they are still within their session, and Azure AD redirects them back to your app. However, this can still be very painful, e.g. if the user is in the middle of doing something within your app and effectively gets logged out because all API calls fail due to an expired token. My experience is that 1 hour is too short. It has security benefits of course, but the complexity in the app increases significantly once you start dealing with expired tokens, for example saving state to local storage and transmitting data after a successful re-login.