Menu
I'm using ASP.NET Boilerplate. I have an application in Angular (external to ABP) that I would like to consume my API.
For that, I get an access token via /api/TokenAuth/Authenticate, and then I use the token in the calls to my API.
The problem is that the token expires in 1 day and I would like the user session to persist longer, without the user having to login every 1 day.
Any idea how I can achieve that? I would like to make the token expiration time longer, even though I have read that it is insecure.
Thanks for the help!
242
So in summary when authorization is successful you need to issue two token ACCESS_TOKEN and REFRESH_TOKEN. When ACCESS_TOKEN expires you need to call another api with REFRESH_TOKEN to get new ACCESS_TOKEN. The client application can get a new access token as long as the refresh token is valid and unexpired.
If you look in the dashboard application settings, you can see the Refresh Token expiration time. By default, it is 720 hours (2592000 seconds). Since the error message says inavlid_grant , it may be possible that the application is not configured to accept Refresh Token grants.
You can modify tokenAuthConfig.Expiration in YourProjectNameWebCoreModule.
private void ConfigureTokenAuth()
{
// ...
tokenAuthConfig.Expiration = TimeSpan.FromDays(1);
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
