token lifetime
About this tag
The token lifetime tag covers discussions about the validity period of OAuth 2.0 access tokens in Azure AD and Microsoft 365 environments. Content focuses on security risks from leaked credentials that can be exchanged for tokens, emphasizing the importance of short token lifetimes and proper secret management to limit exposure. Recurring themes include Azure AD application security, credential leaks from misconfigured files like appsettings.json, and the need for least-privilege controls. The tag is relevant for IT professionals and developers managing authentication in Microsoft cloud services.
A publicly exposed appsettings.json file that contained Azure Active Directory application credentials has created a direct, programmatic attack path into affected tenants — a misconfiguration that can let attackers exchange leaked ClientId/ClientSecret pairs for OAuth 2.0 access tokens and then...
This week’s wave of security headlines delivered a clear, uncomfortable message for Windows admins and security teams: the internet’s trust fabric is fraying in ways that let attackers hide inside legitimate flows — and Microsoft’s own infrastructure, link‑wrapping services, and even patch...