As I am planning to have OAuth or OWIN JWT Bearer token for my authentication, I have the following requirements for which I don't know the solution or grant type to suggest. I would appreciate a small code example, especially what the payload and claims will look like and the grant type I should use for the requirements below:
- I have an Angular 8 UI which asks for username/password (Azure AD authenticated).
- The user logs in, then should be able to copy and paste the URL (in session) into another tab or new browser.
- While the user is working (it's a call center case manager, who uses a session for a long time), the token shouldn't expire. I have read that the token will expire at the time we set and there is no way to control this. Now, unless we have a "refresh" token, we can't achieve this, i.e. the user should have a seamless experience and continue the task even if the token expires, as the refresh token should be used (or whatever the mechanism is).
If I use a refresh token, then only the authorization code grant type is possible, where userID/password is not safer. If I choose the "Implicit" grant type, no refresh tokens are available.
I am not sure how to achieve all the points above. Please guide.
In the case of the implicit grant flow, the SPA has to send a request in a hidden iframe to get the token refreshed. Based on a valid browser session, the application requests refreshed token access.
For Azure AD, you should be using microsoft-authentication-library-for-js, and this library provides this feature out of the box using the acquireTokenSilent method.
I would highly recommend going through the implicit grant flow document, and you will get a very good understanding. Implicit Grant Flow
I am not sure you can find a complete example, but I can give you a few links with code samples, and all of them together would make up a complete example. Also, I can't see any Angular 8 library; the given library is for Angular 6 and 7, but probably the same can be used for Angular 8 as well.
For Angular you might have to use this library, microsoft-adal-angular, and Example How to use microsoft-adal-angular
In the given link you can find how to refresh the token, as the above example is missing that part. Refresh Token Code
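The renewal pattern described in the answer, as an added example that is not part of the original post or of the MSAL project: it reads the `exp` claim from an access token payload and calls `acquireTokenSilent` shortly before expiry, falling back to MSAL.js's `acquireTokenPopup` on `InteractionRequiredAuthError`. The helper names, the stub client, and the sample claims (unsigned token, placeholder ids, scope and user) are constructed for illustration.

```javascript
// Decode (NOT verify) a JWT payload. The SPA reads `exp` only to schedule
// renewal; signature validation belongs in the API that receives the token.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// True when the token expires within `skewSec` seconds of `nowSec`.
function needsRenewal(token, nowSec, skewSec = 300) {
  const { exp } = decodeJwtPayload(token);
  return typeof exp !== 'number' || exp - nowSec <= skewSec;
}

// Reuse the cached token while fresh, renew silently (hidden iframe) when it
// is close to expiry, and prompt only if Azure AD demands interaction.
async function getAccessToken(client, request, cachedToken, nowSec) {
  if (cachedToken && !needsRenewal(cachedToken, nowSec)) return cachedToken;
  try {
    return (await client.acquireTokenSilent(request)).accessToken;
  } catch (err) {
    if (err.name !== 'InteractionRequiredAuthError') throw err;
    return (await client.acquireTokenPopup(request)).accessToken;
  }
}

// --- Constructed sample data: unsigned token, placeholder ids and scope ---
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
function makeSampleToken(exp) {
  const claims = {
    aud: 'api://00000000-0000-0000-0000-000000000000',
    iss: 'https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/v2.0',
    preferred_username: 'case.manager@example.com',
    scp: 'Cases.ReadWrite', iat: exp - 3600, exp,
  };
  return `${b64url({ alg: 'RS256', typ: 'JWT' })}.${b64url(claims)}.sig-placeholder`;
}

// Stub standing in for the MSAL client; records which path was taken.
function makeStubClient(freshToken, sessionExpired) {
  const calls = [];
  const fail = () => Object.assign(new Error('login required'),
    { name: 'InteractionRequiredAuthError' });
  return { calls,
    acquireTokenSilent: async () => { calls.push('silent');
      if (sessionExpired) throw fail(); return { accessToken: freshToken }; },
    acquireTokenPopup: async () => { calls.push('popup'); return { accessToken: freshToken }; } };
}
```

In the real application `client` would be the MSAL client instance and `nowSec` would be `Math.floor(Date.now() / 1000)`; the API receiving the token must still validate its signature, issuer and audience.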