web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Automate / Trying to better under...
Power Automate
Unanswered

Trying to better understand authentication and token lifetime

(0) ShareShare
ReportReport
Posted on by Mike2500 1,247 Super User 2024 Season 1

UserA creates simple flow that connects to Office 365 Outlook and SharePoint Online. Given that userA has to change their password every 90 days:

 

  • Will the Flow continue to function indefinately, even after the password changes?
  • Does the above answer change if the flow isn't used for a period of time?
  • Does MFA impact any of this?
  • What are the possible causes of connections with a status of "can't sign in, update password"

 

 

Categories:
General topics
I have the same question (0)
  • v-xida-msft Profile Picture
    v-xida-msft on at

    Hi @Mike2500,

     

    For first question, if the password changes, a connection for flow will continue to function until the token expires. If the token expires, the user need to update their password for the flow to continue function.

    For second question, if the time is not more than expire time, the flow will continue to function indefinitely.

    For third question, yes, the MFA makes impact on this.

    For forth question, the possible causes as below:

    • The user has changed password of the account.
    • The user has delete the connection in Microsoft Flow
    • You have created the connection, but you don’t provide an authentication for it.

     

    More details about the token lifetime, please check the following document:

    https://docs.microsoft.com/en-us/azure/active-directory/active-directory-configurable-token-lifetimes

     

    More details about the MAF policy, please check the following document:

    https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-how-it-works

     

     

     

    Best regards,

    Kris

  • Mike2500 Profile Picture
    Mike2500 1,247 Super User 2024 Season 1 on at

    So, the connection will continue to function until the token expires. If the flow runs every day, then every day it is using its refresh token to get another access token. Since the default value of "Single-Factor Refresh Token Max Age" is "Until-revoked", and since the refresh token "will not be revoked on voluntary password resets", then the connection will continue to function indefinately? Or, if the flow sits for 90 days without running, then the refresh token will expire, and the connection will fail (90 days being the default value for "refresh token max inactive time"). Or, if the user's password expires, then the refresh token will be revoked, and the connection will fail.

     

    I'm not sure what you meant by "yes, the MFA makes impact on this". Could you please clarify the impact of MFA?

    You mentioned that the connection will fail if the user changes their password, though the token doc said that refresh tokens will not be revoked for voluntary password resets. Could you please clarify?

     

     

  • vecerpa Profile Picture
    vecerpa 786 on at
    Hi @Mike2500 have you received some answer to aditional questions you asked? Or did you find answer by yourself?
    Hope @v-xida-msft have some answers.

    P.
  • Mike2500 Profile Picture
    Mike2500 1,247 Super User 2024 Season 1 on at

    Sorry, no new info.

  • vecerpa Profile Picture
    vecerpa 786 on at
    Is there any update regarding this topic? I am still looking for some answer to this 90 day lifetime.
  • Toasteroven Profile Picture
    Toasteroven 131 on at

    BUMP.

     

    I have a flow that runs when a user presses a button in a PowerApp, however after 90 days of not using the app they get an Unauthorised error due to the access token being revoked. I then have to manually re-add the connection.

     

    Would really like some insight from staff into OPs follow up question

  • vecerpa Profile Picture
    vecerpa 786 on at

    Hello @Toasteroven, I still had no chance to find out how to solve this except I am using for all Flows service account. Just one service account that is refreshing its connection each time it runs.

    But if you have only few Flows, you are still in riskt that token will expire.

    P.

  • Toasteroven Profile Picture
    Toasteroven 131 on at

    I have one flow, but about 30 users that use it. If any one of them doesn't use it for 90 days, their access token is revoked and they can no longer use it until I manually re-add their connection.

     

    I am looking at setting the expiry time of tokens from 90 days to indefinite. Are there any security concerns with doing this?

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!

Quick Links

Forum hierarchy changes are complete!

In our never-ending quest to improve we are simplifying the forum hierarchy…

Ajay Kumar Gannamaneni – Community Spotlight

We are honored to recognize Ajay Kumar Gannamaneni as our Community Spotlight for December…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Automate

#1
Michael E. Gernaey Profile Picture

Michael E. Gernaey 522 Super User 2025 Season 2

#2
Tomac Profile Picture

Tomac 364 Moderator

#3
abm abm Profile Picture

abm abm 243 Most Valuable Professional

Last 30 days Overall leaderboard

Featured topics

Share your ideas and struggles with building Power Automate flows!
Survey: Power Automate mobile app
How to Ask for Help with Your Power Automate Workflow
Flows are not visible for users who sign in with their personal accounts
Start and wait for an approval action
Restore a deleted flow
List of actions cheat sheet for Power Automate Desktop
Question for everyone : How are you using Create Text GPT in AI Builder?
Welcome to the Power Automate forum!

Product updates

Microsoft Power Platform Community release plans