Why does using AD token to access storage account not expire after 90 min in azure?-CodePudding

Here is the code

from azure.identity import ClientSecretCredential

token_credential = ClientSecretCredential(
    "",# tenant id
    "",# active directory application id
    "", # active directory application secret
)

blob_service_client = BlobServiceClient(account_url=oauth_url, credential=token_credential)



def listcontainer():
    from azure.storage.blob import BlobServiceClient
    con = blob_service_client.list_containers()
    for x in con:
        print(x)


while True:
    end  = int(time.time())
    if end - start > 4800:
        break
    else:
        print("run time in minute: ", (end - start) / 60)
        try:
            listcontainer()
        except Exception as e:
            print("exception reached")
            print(e)
            break
    time.sleep(60)

I set BlobServiceClient once, and I expect an exception to be reached after 90min

However I don't see that happening

In this doc

https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes

The default lifetime of an access token is variable. When issued, an access token's default lifetime is assigned a random value ranging between 60-90 minutes (75 minutes on average). The default lifetime also varies depending on the client application requesting the token or if conditional access is enabled in the tenant. For more information, see Access token lifetime.

What does expiration pertain to in this case?

CodePudding user response：

The token does expire however SDK takes care of renewing it automatically when that happens. As a user, generally speaking you need not worry about it.