What is the default TokenLifespan of GeneratePasswordResetTokenAsync and GenerateUserTokenAsync

Question

I have looked everywhere and cannot seem to find out for sure what the default for each of these is.

I also need to know if there is a way to set different Lifespans for each. Thanks,

Answer 1

The default is apparently 24 hours for any of the tokens. You can set it to a different value, but the same value will apply to all the tokens equally (GenerateEmailConfirmationTokenAsync, GeneratePasswordResetTokenAsync and GenerateUserTokenAsync).

Setting a new value is done by specifying, for example, TokenLifespan = TimeSpan.FromHours(3) in the ApplicationUserManager.Create method in the App_Start\IdentityConfig.cs file:

        if (dataProtectionProvider != null)
        {
            manager.UserTokenProvider =
                new DataProtectorTokenProvider<ApplicationUser>(dataProtectionProvider.Create("ASP.NET Identity"))
                {
                    // Added custom code to set a different lifespan
                    TokenLifespan = TimeSpan.FromHours(3)
                };
            ;
        }
        return manager;

Source: http://www.asp.net/identity/overview/features-api/account-confirmation-and-password-recovery-with-aspnet-identity

Different lifespans for different types of tokens: Looks like pushed back to the next "major update", per this: https://aspnetidentity.codeplex.com/workitem/2228.