Refreshing OIDC Token/Force Re-Login

Is there anything in PSU that can handle this out of interest? After an hour of being logged into my UD my access token expires and so I can no longer use it for getting msal tokens to query Graph etc


Just updated from 2.4.1 to 2.6.1 and it looks like the logout button has disappeared… this was providing a handy workaround from me fixing this properly. Logging out and then loading any page sent me back through OIDC login and my token was renewed.

I tried just hitting the /login page, which loads, but it doesn’t actually log me out. /logout and /log-out give a 404.

Is there some way I can force the user through a re-login so it grabs a new token?

Noticed this git issue, but it’s from a fair old while ago:

We currently don’t support this but you could try to perform a logout in the event of an error like this.The sign out URL is: ‘/api/v1/signout’

try {
  # azure stuff
} catch {
   if ($_.Exception.Message.Contains('AADSTS500133'))
         Invoke-UDRedirect '/api/v1/signout' -OpenInNewWindow
         Invoke-UDJavaScript 'window.location.reload()'
1 Like

That’ll definitely do for now… thanks!

Out of interest - if I were to have a bash at writing a function to refresh the user’s token, would a dashboard/endpoint be able to overwrite $AccessToken in the user’s session with a new value or is that protected somehow?

(Just thinking out loud tbh)

I don’t think it would be able to overwrite it and have it persist so you might need to use a $Session:AccessToken variable or something.

$Session:AccessToken = $AccessToken
if ($Refresh)
      $Session:AccessToken = $RefreshedAccessToken
1 Like

Ah yeah, great thought