
ASP.NET Core and JWT token lifetime

I utilize ASP.NET Core 2.1.1.

It is interesting that the expiration time is only being taken into account when one provides both ClockSkew - in Startup.cs and JwtSecurityTokenHandler.TokenLifetimeInMinutes - in a controller.

For instance:

services
  .AddJwtBearer(x =>
  {
      ...
      x.TokenValidationParameters = new TokenValidationParameters()
      {
         ClockSkew = TimeSpan.FromMinutes(90),
         ...

plus

...
public async Task<AuthenticateOutput> Authenticate([FromBody] AuthenticateInput input)
{
   var tokenHandler = new JwtSecurityTokenHandler();
   tokenHandler.TokenLifetimeInMinutes = (int)TimeSpan.FromMinutes(90).TotalMinutes;
   ...

If I remove the tokenHandler.TokenLifetimeInMinutes = (int)TimeSpan.FromMinutes(90).TotalMinutes; part, the default expiration time is used.

It seems to me that tokenHandler.TokenLifetimeInMinutes is still redundant and I just misunderstand the concept of how to set the expiration time correctly.

I also tried adding an expiration claim - new Claim(ClaimTypes.Expiration, ...) - but that didn't have much effect.

Alex Herman asked Jul 15 '18 06:07




1 Answer

The ClockSkew property isn't about expiration itself; it compensates for clock skew.

To set up token expiration you have to specify it on token creation:

new JwtSecurityToken(
                ...
                expires: DateTime.UtcNow.AddMinutes(90),
                ....);

and the following code will give you a string with the token:

var token = new JwtSecurityToken() { /* set up your token settings here */ };
var tokenString = new JwtSecurityTokenHandler().WriteToken(token);
Alex Riabov answered Sep 28 '22 11:09
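The distinction drawn in the answer, as an added example that is not part of the original question or answer: the lifetime is written into the token when it is created, and ClockSkew only widens the window in which an already-expired token is still accepted. The class name TokenLifetimeDemo, the Accepts helper, the throwaway key and the "demo-user" subject are assumptions made for the illustration; it needs the System.IdentityModel.Tokens.Jwt package. The three skew values are zero, five minutes (the library default) and the 90 minutes from the question.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

static class TokenLifetimeDemo
{
    // Hypothetical helper: true if the token passes validation with the given skew.
    static bool Accepts(string jwt, SecurityKey key, TimeSpan skew)
    {
        var parameters = new TokenValidationParameters
        {
            IssuerSigningKey = key,
            ValidateIssuer = false,    // demo only: the token carries no issuer
            ValidateAudience = false,  // demo only: the token carries no audience
            ValidateLifetime = true,
            ClockSkew = skew           // tolerance added to exp at validation time
        };
        try
        {
            new JwtSecurityTokenHandler().ValidateToken(jwt, parameters, out _);
            return true;
        }
        catch (SecurityTokenExpiredException) { return false; }
    }

    static void Main()
    {
        var keyBytes = new byte[32];   // throwaway HMAC key, constructed for the demo
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(keyBytes);
        var key = new SymmetricSecurityKey(keyBytes);

        // Lifetime is fixed here, at creation: this token expired two minutes ago.
        var now = DateTime.UtcNow;
        var token = new JwtSecurityToken(
            claims: new[] { new Claim("sub", "demo-user") },
            notBefore: now.AddMinutes(-10),
            expires: now.AddMinutes(-2),
            signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256));
        var jwt = new JwtSecurityTokenHandler().WriteToken(token);

        // Same expired token, validated under three different skew settings.
        foreach (var minutes in new[] { 0, 5, 90 })
            Console.WriteLine($"ClockSkew={minutes} min -> accepted: {Accepts(jwt, key, TimeSpan.FromMinutes(minutes))}");
    }
}
```

Only the zero-skew validation rejects the token. A ClockSkew of 90 minutes keeps every token usable for 90 minutes past its exp, so keep the skew small and put the intended lifetime in expires.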