Menu
Is possible to override the default AccessTokenExpireTimeSpan for a specific ticket on a custom OAuthAuthorizationServerProvider? The default expiration time for all other tickets is 15 minutes.
public public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
...
var ticket = new AuthenticationTicket(identity, properties);
if (condition)
{
ticket.Properties.IssuedUtc = DateTime.UtcNow;
ticket.Properties.ExpiresUtc = DateTime.UtcNow.AddDays(14);
}
context.Validated(ticket);
}
The generated token with condition == true has the default expiration time (15 minutes). I would like to not change the context.Options.AccessTokenExpireTimeSpan because it affects all tokens and that's not the idea.
719
You have to set the expiration time in the TokenEndPoint method instead of GrantResourceOwnerCredentials method:
public override Task TokenEndpoint(OAuthTokenEndpointContext context)
{
...
if (condition)
{
context.Properties.ExpiresUtc = DateTime.UtcNow.AddDays(14);
}
...
}
I hope it helps.
EDIT
As pointed by Michael in his response to a similar question, if you have a different AccessTokenExpireTimeSpan for each client_id you can override the default configured AccessTokenExpireTimeSpan in the context options with the client one when validating the client authentication:
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
...
context.Options.AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(client.AccessTokenExpireTime);
...
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
