2

How to configure the TokenLifespan of a token generated in .NET Core 3.1? I am using the following code but it's not working and is still using the 1-day TokenLifespan which is the default value.

public void ConfigureServices(IServiceCollection services){
    //...
    services.Configure<DataProtectionTokenProviderOptions>(options =>
    {
        options.TokenLifespan = TimeSpan.FromDays(5);
    });
    //...
}

I am not interested in configuration through custom classes when there is a builtin option to change it through the code given above but I don't know what am I doing wrong which is overriding my defined TokenLifeSpan value.

Zubair Rana
  • 2,006
  • 2
  • 15
  • 38
  • Did you get a solution for this? I am facing the same issue – too_cool Nov 30 '20 at 09:48
  • As far as the solution to override the default expiry time is concerned then no I did not find the solution. But I added a feature of regenerating the token and allowed users to generate again when required. – Zubair Rana Dec 01 '20 at 09:29
  • I was looking how to do this on .NET 5 and your question was my answer. It works for me no problems. – Christian Rios Oct 20 '21 at 17:49

2 Answers2

1

If you are using a provider that is based on TotpSecurityStampBasedTokenProvider i.e. EmailTokenProvider or PhoneNumberTokenProvider, then I don't think this is possible.

The Totp provider produces 6 digit codes, and has a life span of 3 minutes with a 90 seconds variance.

You would probably have to find a way to create your own OTP if you require them to be longer.

EDIT

Have a look at this post on how you can override the Rfc6238AuthenticationService to the extended/decrease your token lifespan

Steve
  • 1,061
  • 10
  • 21
  • According to the [source](https://github.com/aspnet/AspNetIdentity/blob/b7826741279450c58b230ece98bd04b4815beabf/src/Microsoft.AspNet.Identity.Core/Rfc6238AuthenticationService.cs#L82) the variance is actually 9 mins. – Mark G Jun 15 '21 at 04:28
0

The document shows how to change the email token lifespan, you need to add a custom DataProtectorTokenProvider<TUser> and DataProtectionTokenProviderOptions.

The same on github issue:

https://github.com/dotnet/AspNetCore.Docs/issues/5436#issuecomment-373965907

mj1313
  • 7,930
  • 2
  • 12
  • 32
  • Sorry for the confusion. I have updated my question. In both links you shared, the same answer is given for extending lifespan overall which I am using but it's not working for me, and still using the default value of 1 day. – Zubair Rana Sep 17 '20 at 14:56