Is possible to override the default AccessTokenExpireTimeSpan for a specific ticket on a custom OAuthAuthorizationServerProvider? The default expiration time for all other tickets is 15 minutes.
public public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
...
var ticket = new AuthenticationTicket(identity, properties);
if (condition)
{
ticket.Properties.IssuedUtc = DateTime.UtcNow;
ticket.Properties.ExpiresUtc = DateTime.UtcNow.AddDays(14);
}
context.Validated(ticket);
}
The generated token with condition == true has the default expiration time (15 minutes). I would like to not change the context.Options.AccessTokenExpireTimeSpan because it affects all tokens and that's not the idea.
You have to set the expiration time in the TokenEndPoint method instead of GrantResourceOwnerCredentials method:
public override Task TokenEndpoint(OAuthTokenEndpointContext context)
{
...
if (condition)
{
context.Properties.ExpiresUtc = DateTime.UtcNow.AddDays(14);
}
...
}
I hope it helps.
EDIT
As pointed by Michael in his response to a similar question, if you have a different AccessTokenExpireTimeSpan for each client_id you can override the default configured AccessTokenExpireTimeSpan in the context options with the client one when validating the client authentication:
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
...
context.Options.AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(client.AccessTokenExpireTime);
...
}
This works in the context (ha ha) you have:
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.Options.AccessTokenExpireTimeSpan = YourCustomExpiryTimeHere();
}
But note, will need to be updated on every call or the last value you assign will be kept for the next login that occurs.
来源:https://stackoverflow.com/questions/32120754/override-accesstokenexpiretimespan