3

We are using Azure Active Directory B2C to authenticate users into our app; we use a user flow to let the user enter their credentials. After receiving the access token from Azure, we generate an app token that contains app-related information.

We recently added the "keep me signed in" feature, but it seems that there is no way to know from the response whether the user has checked it or not. Even the returned access token still expires after 60 minutes. This causes a problem for us, since our app logs out the user automatically after the token times out. But if the user chooses to stay signed in, we want to stop this behavior. So how can we tell if the user checked "keep me signed in"? I've read a lot in the Microsoft docs and searched a lot, with no luck finding a way! The one thing I found was a KMSI attribute, but it can only be added in custom policies, which is kind of hard to do now. Is there a way to get such an indicator from the user flow?

Baraa Al-jabali

1 Answer

0

You can get the KMSI Boolean in the token using custom policies and claims resolvers.

https://learn.microsoft.com/en-us/azure/active-directory-b2c/claim-resolver-overview

However, this shouldn’t be needed in your scenario. When the access token expires, the refresh token is used to redeem a new access token. If the refresh token is expired, then the B2C cookie is used to perform single sign-on via the B2C login page.

The user is only logged out if all of the above are expired/invalidated.

More to read here: What does KMSI in Azure B2C actually DO?

Jas Suri - MSFT
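
The renewal order described in the answer above (access token, then refresh token, then the B2C session cookie via the login page), sketched as an added example that is not part of the original post or of Microsoft's code. The tenant, user flow name, client id, redirect URI, scope and the injected `postForm` transport are placeholders chosen for illustration.

```javascript
// Added example. Tenant, policy, client id, redirect URI and scope are placeholders.
const B2C = {
  tenant: "contoso",
  policy: "B2C_1_signupsignin",
  clientId: "00000000-0000-0000-0000-000000000000",
  redirectUri: "https://app.example/auth/callback",
  scope: "openid offline_access",
};
const base = (c) =>
  `https://${c.tenant}.b2clogin.com/${c.tenant}.onmicrosoft.com/${c.policy}/oauth2/v2.0`;

// Decide how to keep a session alive. Times are in seconds since the epoch.
// postForm(url, params) -> Promise<{status, body}> is a hypothetical injected transport.
async function renewSession(session, now, postForm, cfg = B2C) {
  // 1. Access token still valid (30 s clock skew): keep using it.
  if (session.accessExpiresAt - 30 > now) return { action: "use_access_token" };

  // 2. Expired: redeem the refresh token at the user flow's token endpoint.
  if (session.refreshToken) {
    const res = await postForm(`${base(cfg)}/token`, {
      grant_type: "refresh_token",
      client_id: cfg.clientId,
      refresh_token: session.refreshToken,
      scope: cfg.scope,
    });
    if (res.status === 200) {
      return { action: "refreshed", session: {
        accessToken: res.body.access_token,
        // Keep the old refresh token if the response does not carry a new one.
        refreshToken: res.body.refresh_token || session.refreshToken,
        accessExpiresAt: now + Number(res.body.expires_in),
      } };
    }
    // Only invalid_grant means the refresh token is dead; anything else is transient.
    if (res.body.error !== "invalid_grant") return { action: "retry_later" };
  }

  // 3. No usable refresh token: send the browser to the authorize endpoint.
  //    A valid B2C session cookie completes sign-in without credentials;
  //    otherwise B2C shows the login page. Caller appends state and PKCE values.
  const q = new URLSearchParams({
    client_id: cfg.clientId, response_type: "code",
    redirect_uri: cfg.redirectUri, scope: cfg.scope,
  });
  return { action: "redirect", url: `${base(cfg)}/authorize?${q}` };
}
```

With this ordering the app only ends its own session when the `redirect` step comes back without a sign-in, so the 60-minute access token lifetime alone never logs the user out.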