Hi - not sure what issue template to use here, please let me know if you'd like me to update.
I have some odd behavior that I'm not understanding.
I am using the OAuth Auth Code flow and my builder code looks like so:
    var app = ConfidentialClientApplicationBuilder.Create(clientId)
        .WithClientAssertion(assertion)
        .WithAuthority(AzureCloudInstance.AzurePublic, AadAuthorityAudience.AzureAdMyOrg)
        .WithTenantId(tenantId);
I am building the claims like so:
    string aud = $"https://login.microsoftonline.com/{tenantId}/v2.0";
    const uint JwtToAadLifetimeInSeconds = 60 * 10; // Ten minutes
    DateTime validFrom = DateTime.UtcNow;
    var nbf = ConvertToTimeT(validFrom);
    var exp = ConvertToTimeT(validFrom + TimeSpan.FromSeconds(JwtToAadLifetimeInSeconds));
    return new Dictionary<string, string>()
    {
        { "aud", aud },
        { "exp", exp.ToString() },
        { "iss", clientId },
        { "jti", Guid.NewGuid().ToString() },
        { "nbf", nbf.ToString() },
        { "sub", clientId }
    };
We build and persist one client per user session. If a user's session is long running (hours) we start getting the following error message from AAD: "AADSTS700024: Client assertion is not within its valid time range"
I believe this is because WithClientAssertion is called during client build time, but the exp claim expires in 10 minutes and we do not build a new client unless the user's session is ended.
Is there a way to update the ClientAssertion without having to rebuild the client again?
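
Added example, not part of the original issue and not MSAL.NET's own code: one way to keep the assertion inside its nbf/exp window is to produce it on demand and rebuild it shortly before exp. The class name, the two-minute refresh margin and the `sign` delegate (which turns the claims into a signed JWT) are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical helper (not part of MSAL.NET): caches a signed client assertion
// and rebuilds it shortly before its exp claim passes.
public sealed class RefreshingClientAssertion
{
    private static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(10);     // as in the issue
    private static readonly TimeSpan RefreshMargin = TimeSpan.FromMinutes(2); // assumed margin
    private readonly string _clientId, _tenantId;
    private readonly Func<IDictionary<string, string>, string> _sign; // assumed JWT signer
    private readonly Func<DateTimeOffset> _now;                       // injectable clock
    private readonly object _lock = new object();
    private string _assertion;
    private DateTimeOffset _expiresAt;

    public RefreshingClientAssertion(string clientId, string tenantId,
        Func<IDictionary<string, string>, string> sign, Func<DateTimeOffset> now = null)
    {
        _clientId = clientId;
        _tenantId = tenantId;
        _sign = sign;
        _now = now ?? (() => DateTimeOffset.UtcNow);
    }

    // Returns the cached assertion while it is comfortably valid, otherwise a new one.
    public string GetAssertion()
    {
        lock (_lock)
        {
            DateTimeOffset now = _now();
            if (_assertion == null || now >= _expiresAt - RefreshMargin)
            {
                DateTimeOffset exp = now + Lifetime;
                var claims = new Dictionary<string, string>
                {
                    { "aud", $"https://login.microsoftonline.com/{_tenantId}/v2.0" },
                    { "exp", exp.ToUnixTimeSeconds().ToString() },
                    { "iss", _clientId },
                    { "jti", Guid.NewGuid().ToString() }, // fresh jti for every assertion
                    { "nbf", now.ToUnixTimeSeconds().ToString() },
                    { "sub", _clientId }
                };
                _assertion = _sign(claims);
                _expiresAt = exp;
            }
            return _assertion;
        }
    }
}
```

On MSAL.NET versions that provide the `WithClientAssertion(Func<string>)` overload, `GetAssertion` can be passed as the delegate so the assertion is requested at token-acquisition time; on versions without it, the client has to be rebuilt with the value `GetAssertion` returns.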