How to trigger an session expired popup after ten minutes using @msal - react and azure ad

Question

1. Auth Provider : Azure Active Directory
2. Client library : @azure/msal-react

As explained here my msal token expires after one hour MSAL token expires after 1 hour, My requirement is I would like to configure a session time of 15 minutes ( or 10 minutes) after which I wanna trigger a popup, saying please login again? Is there a way to do using msal-react.

Currently, after one hour am calling acquireTokenSilent to acquire the new token, using which client is unaware that this happened and client thinks it has infinite lifetime for the session.

Here is the implementation

export const refreshIdToken = async (msalInstance: IPublicClientApplication) => {
  const account = msalInstance.getActiveAccount();
  try {
    if (account != null) {
      const token = await msalInstance.acquireTokenSilent({
        scopes: loginRequest.scopes,
        account
      });

      return token.idToken;
    }
  } catch (error) {
    if (error instanceof InteractionRequiredAuthError) {
      return msalInstance.acquireTokenRedirect(loginRequest);
    } else {
      console.error(error);
    }
  }
};


const token = await refreshIdToken(msalInstance);// This will never expires , as it always refresh after one hour internally
axios.defaults.headers.common["Authorization"] = `Bearer ${token}`;
//api call

What are the steps I need to configure from Azure AD end or client code end?

Thanks in advance.

Answer 1

You can specify the lifetime of token of access, ID or SAML token issued by the Microsoft identity platform. You can set the lifetime of token for specific service principle in your organization. However, Microsoft does not currently support configuration token lifetime of Manage identity service principle.

Note: Configuration token lifetime policy only applies to mobile and desktop clients that access SharePoint online and OneDrive for business resources but id does not apply to web browser sessions.

For the new update of 2021, you cannot configure the refresh token and session token lifetime. New tokens issues after existing tokens have expired are now to set to the default configuration.