0

I would like to extend the access token expiration from ASP.Net. Below is the code from App_Start\Startup.Auth.cs

OAuthOptions = new OAuthAuthorizationServerOptions
        {
            TokenEndpointPath = new PathString("/Token"),
            Provider = new ApplicationOAuthProvider(PublicClientId),
            //AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(364), 
            AllowInsecureHttp = true // In production mode set AllowInsecureHttp = false
        };

However, the token was not last for a year if I deployed to live site. I used postman to test, managed to get the token, but the token would be expired after 20minutes.

Providers/ApplicationOAuthProvider.cs

public ApplicationOAuthProvider(string publicClientId)
    {
        if (publicClientId == null)
        {
            throw new ArgumentNullException("publicClientId");
        }

        _publicClientId = publicClientId;
    }

Result from Postman

{
"access_token": "accesstoken",
"token_type": "bearer",
"expires_in": 86399,
"userName": "admin@admin",
".issued": "Thu, 11 Oct 2018 04:39:03 GMT",
".expires": "Fri, 12 Oct 2018 04:39:03 GMT"
}

Is there anything I can do to extend in the ASP.Net MVC way?

hahahaha
  • 1,013
  • 2
  • 14
  • 41
  • 1
    Possible duplicate of [OWIN Security - How to Implement OAuth2 Refresh Tokens](https://stackoverflow.com/questions/20637674/owin-security-how-to-implement-oauth2-refresh-tokens) – pazcal Oct 09 '18 at 06:15
  • I think the proper question here is why `AccessTokenExpireTimeSpan = TimeSpan.FromDays(364)` is not working, instead it is using the default 20 minutes token expiration. – jegtugado Oct 09 '18 at 06:19
  • could u plz add your `ApplicationOAuthProvider` – er-sho Oct 09 '18 at 06:20
  • @JohnEphraimTugado I tried with different timespan, unfortunately all are not working. FromDays, FromMinutes...... all would be expired by 20min. – hahahaha Oct 09 '18 at 06:21
  • @ershoaib updated – hahahaha Oct 09 '18 at 06:23
  • @hahahaha, you have to implement `ApplicationOAuthProvider `s `override` method to working as intended. – er-sho Oct 09 '18 at 06:24
  • @ershoaib what do you mean? I'm using OAuthOptions, isn't it? – hahahaha Oct 11 '18 at 02:58
  • @ershoaib i've updated the question, with postman result. im able to get the expires after 1 day (im using 1 day now), but it doenst work. – hahahaha Oct 11 '18 at 08:16
  • what changes you made in code for 1day? – er-sho Oct 11 '18 at 10:25
  • This Q is answered here: https://stackoverflow.com/questions/33701398/oauth2-webapi-token-expiration – stuzor Nov 16 '18 at 04:40

0 Answers0