I am trying to set a token expiration time dynamically, but it appears it just keeps defaulting to 20 minutes.
Here is my ConfigureAuth:
public void ConfigureAuth(IAppBuilder app) { OAuthOptions = new OAuthAuthorizationServerOptions { TokenEndpointPath = new PathString("/Token"), Provider = new ApplicationOAuthProvider(""), // In production mode set AllowInsecureHttp = false AllowInsecureHttp = true }; // Enable the application to use bearer tokens to authenticate users app.UseOAuthBearerTokens(OAuthOptions); }
Here is my GrantResourceOwnerCredentials method:
public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" }); var hasValidLogin = (new login().authenticate(context.UserName, context.Password, "") == "valid"); if (hasValidLogin == false) { context.SetError("invalid_grant", "The user name or password is incorrect."); return Task.FromResult
And here is my SetProperties method where I can setting the expiration:
public static AuthenticationProperties CreateProperties(OAuthGrantResourceOwnerCredentialsContext context) { IDictionary data = new Dictionary { { "client_id", context.ClientId } }; var response = new AuthenticationProperties(data); response.ExpiresUtc = DateTime.Now.AddMonths(1); return response; }
Any ideas why I cannot set the expiration where I currently am? This server will take a variety of different clients with different specified expiration times, therefore I figured this is the place to do this. Is there somewhere else that I should doing this at? Thanks!
A work around is to set the expiration date in AuthenticationTokenProvider.CreateAsync (the class you use for OAuthAuthorizationServerOptions.AccessTokenProvider):
Simply set context.Ticket.Properties.ExpiresUtc with the expiration date of your choice, and it should work as intented:
public class AccessTokenProvider : AuthenticationTokenProvider { public override void Create(AuthenticationTokenCreateContext context) { context.Ticket.Properties.ExpiresUtc = // set the appropriate expiration date. context.SetToken(context.SerializeTicket()); } }
We have a similar situation, with different clients that have different token timeouts so we wanted to be able to set the expiration accordingly. In the AuthenticationTokenProvider we implemented we were setting the expiration but it was being overwritten by the time the token was being signed.
The solution we ended up happy with was overriding the TokenEndpoint method. We're then able to implement a client specific expiration :
public override Task TokenEndpoint(OAuthTokenEndpointContext context) { if (context.TokenIssued) { // client information var accessExpiration = DateTimeOffset.Now.AddSeconds(accessTokenTimeoutSeconds); context.Properties.ExpiresUtc = accessExpiration; } return Task.FromResult
*Edited to resolve a race condition.
回答3:
You can set it in the TokenEndPoint method instead of GrantResourceOwnerCredentials method. Please see my answer to a similar question here.
I hope it helps.
回答4:
I'll throw this out here, as of right now, there is simpler way without creating a new class, it's just setting options:
