问题
Is possible to override the default AccessTokenExpireTimeSpan for a specific ticket on a custom OAuthAuthorizationServerProvider? The default expiration time for all other tickets is 15 minutes.
public public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
...
var ticket = new AuthenticationTicket(identity, properties);
if (condition)
{
ticket.Properties.IssuedUtc = DateTime.UtcNow;
ticket.Properties.ExpiresUtc = DateTime.UtcNow.AddDays(14);
}
context.Validated(ticket);
}
The generated token with condition == true has the default expiration time (15 minutes). I would like to not change the context.Options.AccessTokenExpireTimeSpan because it affects all tokens and that's not the idea.
回答1:
You have to set the expiration time in the TokenEndPoint method instead of GrantResourceOwnerCredentials method:
public override Task TokenEndpoint(OAuthTokenEndpointContext context)
{
...
if (condition)
{
context.Properties.ExpiresUtc = DateTime.UtcNow.AddDays(14);
}
...
}
I hope it helps.
EDIT
As pointed by Michael in his response to a similar question, if you have a different AccessTokenExpireTimeSpan for each client_id you can override the default configured AccessTokenExpireTimeSpan in the context options with the client one when validating the client authentication:
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
...
context.Options.AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(client.AccessTokenExpireTime);
...
}
回答2:
This works in the context (ha ha) you have:
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.Options.AccessTokenExpireTimeSpan = YourCustomExpiryTimeHere();
}
But note, will need to be updated on every call or the last value you assign will be kept for the next login that occurs.
来源:https://stackoverflow.com/questions/32120754/override-accesstokenexpiretimespan