ASP.NET Boilerplate token expiration

Question

I'm using ASP.NET Boilerplate. I have an application in Angular (external to ABP) that I would like to consume my API.

For that, I get an access token via /api/TokenAuth/Authenticate, and then I use the token in the calls to my API.

The problem is that the token expires in 1 day and I would like the user session to persist longer, without the user having to login every 1 day.

Any idea how I can achieve that? I would like to make the token expiration time longer, even though I have read that it is insecure.

Thanks for the help!

I think implementing a refresh token mechanism is better than extending the token expiration time. — mahmoud nezar sarhan, Jul 27 '20 at 08:48

score 10 · Accepted Answer · answered Sep 02 '18 at 05:22

10

You can modify tokenAuthConfig.Expiration in YourProjectNameWebCoreModule.

private void ConfigureTokenAuth()
{
    // ...

    tokenAuthConfig.Expiration = TimeSpan.FromDays(1);
}

answered Sep 02 '18 at 05:22

aaron

Thank you!! It will help me to solve the problem temporarily. Do you know if there is any way to extend the user's session without extending the token? It would be useful to improve security – Leonardo Fernandez da Silva Sep 05 '18 at 17:42

1 Answers1