Is there a way to have different ticket expiry lengths in OpenIddict?

I have an app using OpenIddict for token authorization (access and refresh tokens) and overall, it's working great. The problem is that my use case has multiple app types (web and mobile) using the same authorization server. I'd like to have different expiry times for the different types (probably using different token endpoints) but I can't figure out a way to override the values set with SetAccessTokenLifetime and SetRefreshTokenLifetime. Is there a way to do this?

The goal is to have a longer access token length for the web apps and have the user redirect to the login when they expire (reasonably long expiry, e.g. hours). On the mobile side I want to use the refresh token to keep the user logged in. Best practice seems to indicate that on mobile I should have a very short token expiry (e.g. minutes) with a long refresh token expiry.

Thanks, Jason

Wreckage answered 24/2, 2017 at 15:15

I'd like to have different expiry times for the different types (probably using different token endpoints) but I can't figure out a way to override the values set with SetAccessTokenLifetime and SetRefreshTokenLifetime. Is there a way to do this?

You can override the global token expiration values directly from your authorization endpoint action using the dedicated ClaimsPrincipal extensions:

principal.SetAccessTokenLifetime(TimeSpan.FromMinutes(30));
principal.SetAuthorizationCodeLifetime(TimeSpan.FromMinutes(1));
principal.SetIdentityTokenLifetime(TimeSpan.FromMinutes(30));
principal.SetRefreshTokenLifetime(TimeSpan.FromDays(2));
Hitlerism answered 24/2, 2017 at 22:6
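
An added example, not code from the answer or from the OpenIddict project, showing one way to apply the per-principal overrides above to the web/mobile split described in the question. The class name, the `web-app` and `mobile-app` client ids and the lifetime values are assumptions; `clientId` is expected to be the client_id of the request OpenIddict has already validated, not a custom parameter chosen by the caller.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using OpenIddict.Abstractions; // ClaimsPrincipal lifetime extensions used in the answer

public static class TokenLifetimePolicy // hypothetical helper
{
    // A null refresh lifetime means "keep the globally configured value".
    private sealed record Profile(TimeSpan AccessToken, TimeSpan? RefreshToken);

    // Constructed client ids; replace with the ids registered on your server.
    private static readonly Dictionary<string, Profile> Profiles =
        new(StringComparer.Ordinal)
        {
            // Web: longer access token; the user logs in again when it expires.
            ["web-app"] = new Profile(TimeSpan.FromHours(4), null),
            // Mobile: short access token, long refresh token keeps the session alive.
            ["mobile-app"] = new Profile(TimeSpan.FromMinutes(10), TimeSpan.FromDays(30)),
        };

    // Clients without a profile get the shortest access token lifetime.
    private static readonly Profile Fallback = new(TimeSpan.FromMinutes(5), null);

    // Call this on the principal just before it is returned from the
    // authorization or token endpoint action.
    public static ClaimsPrincipal Apply(ClaimsPrincipal principal, string? clientId)
    {
        var profile = clientId is not null && Profiles.TryGetValue(clientId, out var p)
            ? p
            : Fallback;

        principal.SetAccessTokenLifetime(profile.AccessToken);

        if (profile.RefreshToken is { } refresh)
        {
            principal.SetRefreshTokenLifetime(refresh);
        }

        return principal;
    }
}
```

Keying the profile on the registered client id, with a short default for anything unrecognised, means a client cannot obtain the longer lifetime by calling a different endpoint or adding a request parameter.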
