I'm using the latest react SPA .NET Core 3 template and wondering is there a way to set the "AccessTokenLifetime" for a client, where obviously that client is my SPA.

I've been looking here https://github.com/aspnet/AspNetCore.Docs/blob/master/aspnetcore/security/authentication/identity-api-authorization.md#application-profiles and I've tried quite a few different things.

But doesn't seem there is a way to set client properties, other than the few detailed on the page above eg RedirectUri, LogoutUri

After a bit of hunting I found that you can do it during the call to AddApiAuthorization<ApplicationUser, ApplicationDbContext>(); in the Startup

Replace it with:

services.AddIdentityServer()
    .AddApiAuthorization<ApplicationUser, ApplicationDbContext>(opt =>
    {
        foreach (var c in opt.Clients)
            c.AccessTokenLifetime = 120; // Expiration in Seconds
    });

All of the Token settings for Identity Server seem to be settable here.

Note that the collection of Clients is determined by your configuration. In the case of the basic dotnet net react -o <name> -au Individual template, the following is in the appSettings.json using the name of the project (the -o option to the dotnet command):

"IdentityServer": {
    "Clients": {
        "ReactAppIdentity": {
            "Profile": "IdentityServerSPA"
    }
}

I dug around in the source code but unfortunately I couldn't see a way to set these settings via configuration.