BA 08 – Azure Access Token
An Azure access token is a JSON Web Token (JWT) issued by Entra ID after successful authentication. It is a bearer credential: the resource that receives it (Azure Resource Manager, Microsoft Graph, Key Vault and so on) checks the signature against the tenant's published signing keys and then trusts the claims inside it, which identify the user or application (`upn`, `oid`, `appid`), the tenant (`tid`), the intended resource (`aud`), the granted delegated scopes (`scp`) or application roles (`roles`), and the validity window (`iat`, `nbf`, `exp`). Four properties of these tokens matter in practice: their lifetime, what happens at expiration, how refresh tokens extend access, and whether they can be revoked.
Token Lifetime: Azure access tokens have a limited lifetime. The `iat`, `nbf` and `exp` claims are Unix timestamps in seconds, and the lifetime is simply `exp - iat`. The default is not a fixed hour: Entra ID assigns each access token a random lifetime between 60 and 90 minutes (about 75 minutes on average), and a tenant can change this with a token lifetime policy within the supported range of 10 minutes to 1 day. Once issued, the token remains valid until `exp`, after which it expires.
Token Expiration: When an access token reaches its expiration time, the resource rejects it because `exp` is in the past. This bounds the window in which a stolen or intercepted token can be misused, but only from above: until `exp` arrives, anyone who holds the token can present it, because the resource validates it offline and does not ask Entra ID whether the session is still alive. To keep working, the client obtains a new access token, normally silently with a refresh token, or through reauthentication if no refresh token is available.
Refresh Tokens: Where long-lived access is needed without asking the user to re-enter credentials, Entra ID issues a refresh token alongside the access token. A refresh token has a much longer lifespan (by default up to 90 days, sliding forward each time it is used) and is redeemed at the token endpoint for a fresh access token without user interaction. Because a single refresh token can mint new access tokens for any resource the user or application has consented to, it must be protected like a password: a stolen refresh token represents persistent access, and it is the artifact an attacker prefers to steal.
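The lifetime and expiration behaviour above is easiest to see by taking a token apart. The following is an added example, not code from the course page: it builds a constructed, unsigned Entra-style token (placeholder tenant and object IDs, a dummy signature), base64url-decodes its header and payload, and reports the claims a practitioner checks first: who the token is for, which resource accepts it, what scopes it carries, how long it was issued for, and whether it is still inside its `nbf`/`exp` window. The 60 to 90 minute check flags tokens whose lifetime falls outside the Entra ID default. Decoding is not validation: a real token must have its RS256 signature verified against the keys published at `https://login.microsoftonline.com/{tenant}/discovery/v2.0/keys` before any claim is trusted.

```python
import base64
import json
import time
from typing import Any, Dict, Optional

# Entra ID default access-token lifetime window, in seconds (60 to 90 minutes).
DEFAULT_LIFETIME_MIN = 60 * 60
DEFAULT_LIFETIME_MAX = 90 * 60


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWTs strip."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_jwt(token: str) -> Dict[str, Any]:
    """Split header.payload.signature and decode the two JSON parts.

    This only decodes. It does NOT verify the signature, so nothing returned
    here may be trusted until the token has been validated against the
    tenant's JWKS.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    return {
        "header": json.loads(_b64url_decode(parts[0])),
        "payload": json.loads(_b64url_decode(parts[1])),
        "signature": _b64url_decode(parts[2]),
    }


def summarize(payload: Dict[str, Any], now: Optional[int] = None) -> Dict[str, Any]:
    """Pull out the security-relevant claims and evaluate the validity window."""
    now = int(time.time()) if now is None else now
    iat = int(payload["iat"])
    exp = int(payload["exp"])
    nbf = int(payload.get("nbf", iat))
    lifetime = exp - iat
    return {
        # Delegated tokens carry upn/preferred_username; app-only tokens carry appid.
        "subject": payload.get("upn") or payload.get("preferred_username") or payload.get("appid"),
        "tenant": payload.get("tid"),
        "audience": payload.get("aud"),
        "delegated_scopes": payload.get("scp", "").split(),
        "app_roles": payload.get("roles", []),
        "lifetime_seconds": lifetime,
        "seconds_remaining": exp - now,
        "not_yet_valid": now < nbf,
        "expired": now >= exp,
        "lifetime_in_default_range": DEFAULT_LIFETIME_MIN <= lifetime <= DEFAULT_LIFETIME_MAX,
    }


def build_sample_token(iat: int, lifetime: int) -> str:
    """Constructed Entra-style access token for demonstration only.

    Tenant, object and app IDs are placeholders and the signature is a dummy;
    a real token is RS256-signed by Entra ID and would be rejected otherwise.
    """
    header = {"typ": "JWT", "alg": "RS256", "kid": "placeholder-key-id"}
    payload = {
        "aud": "https://management.azure.com",
        "iss": "https://sts.windows.net/11111111-1111-1111-1111-111111111111/",
        "iat": iat,
        "nbf": iat,
        "exp": iat + lifetime,
        "tid": "11111111-1111-1111-1111-111111111111",
        "oid": "22222222-2222-2222-2222-222222222222",
        "appid": "33333333-3333-3333-3333-333333333333",
        "upn": "alice@contoso.onmicrosoft.com",
        "scp": "user_impersonation",
    }
    compact = {"separators": (",", ":")}
    return ".".join([
        _b64url_encode(json.dumps(header, **compact).encode()),
        _b64url_encode(json.dumps(payload, **compact).encode()),
        _b64url_encode(b"\x00" * 32),  # dummy signature, not a real RS256 value
    ])


if __name__ == "__main__":
    issued = 1700000000
    for lifetime in (75 * 60, 24 * 60 * 60):  # default-ish, then policy-extended
        token = build_sample_token(issued, lifetime)
        report = summarize(decode_jwt(token)["payload"], now=issued + 10 * 60)
        print(json.dumps(report, indent=2))
```

A lifetime far outside the 60 to 90 minute range in a token you find in memory, a log or a `.azure` profile is worth a second look: it either means the tenant has a token lifetime policy or that the token was not issued the way you assumed.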
Token Revocation: Refresh tokens and sign-in sessions can be revoked before they expire, but an ordinary access token cannot: because resources validate it offline by signature and `exp`, a revoked user's already-issued access token keeps working until it expires, unless the resource supports Continuous Access Evaluation and is notified of the revocation event. Revocation might occur due to security concerns, such as a compromised