How can I refresh/extend Azure App Proxy access cookie?

Question

I'm working on a web application that will be installed on-prem behind Azure App Proxy. I can authenticate with OAuth and access the app successfully, but the authentication token is only good for an hour, after which my application is kind of dead because none of its API calls make it through the proxy.

So I'd like a way to keep that access alive so that users don't have to re-authenticate every hour.

I know that there's a flow for exchanging a refresh token for a new access token, and I can do that. But it seems like the ability to pass through the proxy is not governed directly by that token, but by a cookie called AzureAppProxyAccessCookie. Since I don't know how to convert my refreshed access token to a valid cookie value, this doesn't seem to solve my problem.

Note that I don't manage the proxy, so just increasing the expiration time on the token issued by Azure isn't an option.

So is there a way to refresh the AzureAppProxyAccessCookie token, or otherwise keep the session alive without making the user re-authenticate?

Answer 1

You can define a token life time policy with a longer token lifetime and assign it to your application.

https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes#access-id-and-saml2-token-lifetime-policy-properties

https://docs.microsoft.com/en-us/azure/active-directory/develop/configure-token-lifetimes#create-a-policy-for-web-sign-in