0

I have set up a .NET Core API server. I send my requests via a Blazor client app. I set the expiry of each token to be 2 minutes, but the tokens work for about 7 minutes. Does the API check the expiration date on every request?

The code I am using is like below. In Startup.cs I have

    services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(options =>
        {
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidateAudience = true,
                ValidateLifetime = true,
                ValidateIssuerSigningKey = true,
                ValidIssuer = Configuration["JwtIssuer"],
                ValidAudience = Configuration["JwtAudience"],
                IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["JwtSecurityKey"]))
            };
        });

On user login, a token is issued like this

    var expiry = DateTime.UtcNow.AddMinutes(2);

    var token = new JwtSecurityToken(
        _configuration["JwtIssuer"], // read from appsettings.json
        _configuration["JwtAudience"], // read from appsettings.json
        claims, // claims added here
        expires: expiry,
        signingCredentials: creds // signature
    );

I have two requests: the first one is at 11:52, which is successful while the expiry date is 11:49 (you can see it in the next picture),

and the second one is at 11:54, which is unsuccessful.

Sorush

1 Answer

0

It's actually a feature eliminating desynchronization between servers' clocks, you can control it like this, so yes the token validation checks the expiration date on every request:

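    // ClockSkew is a property of TokenValidationParameters (default: 5 minutes),
    // so it is set where tokens are validated (Startup.cs), not on the JwtSecurityToken.
    options.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateLifetime = true,
        ClockSkew = TimeSpan.FromMinutes(5)
        // ... other parameters as in the question
    };

    var expiry = DateTime.UtcNow.AddMinutes(2);

    var token = new JwtSecurityToken(
        _configuration["JwtIssuer"], // read from appsettings.json
        _configuration["JwtAudience"], // read from appsettings.json
        claims, // claims added here
        expires: expiry,
        signingCredentials: creds // signature
    );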
KiKoS
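
The timing in the question (a token that expired at 11:49 accepted at 11:52, rejected at 11:54) can be reproduced with the console program below. It is an added example, not code from the question or the answer: it validates a token that expired 3 minutes ago, once with the library's default `ClockSkew` (accepted) and once with `TimeSpan.Zero` (rejected). It assumes the `System.IdentityModel.Tokens.Jwt` NuGet package; the key, issuer and audience values are constructed for the demo.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Text;
using Microsoft.IdentityModel.Tokens;

class ClockSkewDemo
{
    static void Main()
    {
        // Constructed sample key, issuer and audience (not from the original post).
        var key = new SymmetricSecurityKey(
            Encoding.UTF8.GetBytes("constructed-demo-key-at-least-32-bytes!!"));
        var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
        var now = DateTime.UtcNow;

        // A token whose lifetime ended 3 minutes ago, like the 11:52 request
        // sent with a token that expired at 11:49.
        var jwt = new JwtSecurityTokenHandler().WriteToken(new JwtSecurityToken(
            issuer: "demo-issuer",
            audience: "demo-audience",
            notBefore: now.AddMinutes(-5),
            expires: now.AddMinutes(-3),
            signingCredentials: creds));

        Console.WriteLine($"default skew: {Check(jwt, key, null)}");
        Console.WriteLine($"zero skew:    {Check(jwt, key, TimeSpan.Zero)}");
    }

    static string Check(string jwt, SecurityKey key, TimeSpan? skew)
    {
        var p = new TokenValidationParameters
        {
            ValidateIssuer = true, ValidIssuer = "demo-issuer",
            ValidateAudience = true, ValidAudience = "demo-audience",
            ValidateLifetime = true,
            ValidateIssuerSigningKey = true, IssuerSigningKey = key
        };
        if (skew.HasValue) p.ClockSkew = skew.Value; // null keeps the library default
        try
        {
            new JwtSecurityTokenHandler().ValidateToken(jwt, p, out _);
            return "accepted";
        }
        catch (SecurityTokenExpiredException)
        {
            return "rejected (expired)";
        }
    }
}
```

With short-lived tokens such as the 2-minute ones in the question, the skew value is part of the effective lifetime, so it should be chosen together with the expiry rather than left implicit.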