This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 80%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EH%3C/text%3E%3C/svg%3E)
I have B2C integrated with my Azure API Management service for authorization. I've been trying to adjust the session behavior in my user flow, setting the Web app session lifetime (minutes) to 15 minutes. In the token lifetime, I've also set the Access & ID token lifetimes (minutes) to 15. However, when I inspect the page and look at the token's headers, I see that the Set-Cookie header for the token states that it's going to expire in a hour. Why is this issue arising?
I've done some research into the issue, and found this post about this issue: https://stackoverflow.com/questions/58835708/changing-azure-ad-b2c-access-token-lifetime-doesnt-work They are encountering the same issue as me, however it hasn't been updated - I was wondering if this issue may have already been fixed as it was an issue back in 2019.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 45%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAV%3C/text%3E%3C/svg%3E)
Hello @hawthorne91
I am checking this and will get back to you with further inputs.
Thanks,
Akhilesh.
Thank you for checking, I look forward to your response!
Hi @hawthorne91
Sorry for the delay in response.
I have tested your scenario, and I have seen the token lifetime is same as configured in Azure AD B2C
Could you please check by try to Configure token lifetime and Request an access token and decode the token by using https://jwt.ms and check the token exp to know the expiration and is it is same as configured.
Hope this helps. Do let us know if you any further queries by responding in the comments section.
Thanks,
Akhilesh.
If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
Hi Akhilesh Vallamkonda, thank you for the reply.
So I've tried obtaining a token, however when I follow the link you provided (https://learn.microsoft.com/en-us/azure/active-directory-b2c/access-tokens), I get stuck at the part where I insert the scope name in the authorization endpoint, as I do not have any scopes listed. Do I need to add a scope?
@hawthorne91
yes, in order to get access token, you need scope, which is <application-ID-URI> - The application identifier URI that you set under Expose an API blade of the client application.
<scope-name> - The name of the scope that you added under Expose an API
Thank you for the response! Currently this portal is pushed out to external users, will creating a scope make the portal inactive? I just don't want to shut down portal functionality by creating the scope.