ASP.NET Web API - OAuth JWT access token expiration depending on type of client


I created a JWT token implementation based on Taiseer's tutorial.

The following code was added to the OWIN startup class:

    OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
    {
        // Plain HTTP is only allowed while debugging
        AllowInsecureHttp = HttpContext.Current.IsDebuggingEnabled,
        TokenEndpointPath = new PathString("/oauth2/token"),
        // Default lifetime applied to every issued access token
        AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(90),
        Provider = new CustomOAuthProvider(),
        AccessTokenFormat = new CustomJwtFormat("http://example.com/")
    };

Now there are different types of apps that use the API. For web clients, the 90-minute expiration is good enough, but for mobile apps this is far too short.

Is there a way for the mobile apps to get a token expiration of 1 year from now? I use custom HTTP headers to differentiate between the types of apps. I tried to extend the expiration in the Protect method of the CustomJwtFormat class, which indeed allows for a larger expiration in the JWT.

    public class CustomJwtFormat : ISecureDataFormat<AuthenticationTicket>
    {
        public string Protect(AuthenticationTicket data)
        {
            // ... omitted for brevity ...

            // The indexer returns null when the header is absent;
            // GetValues(...).FirstOrDefault() would throw on the null array instead.
            string appId = HttpContext.Current.Request.Headers["my-custom-header"];
            if (appId == null)
                throw new ApplicationException("Application ID header missing");

            if (appId.ToLower() == "mobileappheader")
            {
                // Set expiration to 1 year
                expires = DateTimeOffset.UtcNow.AddYears(1);
            }

            var token = new JwtSecurityToken(issuer, audienceId, data.Identity.Claims,
                           issued.Value.UtcDateTime, expires.Value.UtcDateTime, signingKey);

But in the authorization response, it still says 90 minutes:

    {
        "access_token": "eyj0ex...0cly6ju",
        "token_type": "bearer",
        "expires_in": 5399
    }

As you can see, expires_in is still set to the 90-minute timespan.

Although the response from the server indicates an expiry of 90 minutes, ASP.NET Web API takes a look inside the ticket to determine the expiry time. If the default is set to 90 minutes (in Startup.cs) and to 1 year for mobile apps, the mobile apps get the 1 year expiration.
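
One way to keep expires_in and the JWT expiry in agreement is to adjust the ticket itself before it is serialized. This is an added example, not code from the original post or from the tutorial. The class name ClientAwareLifetimeProvider is hypothetical. It assumes the OWIN middleware derives expires_in from the ticket's ExpiresUtc after the provider's TokenEndpoint callback runs, and that Protect takes its expiry from data.Properties.ExpiresUtc.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Owin.Security.OAuth;

// Hypothetical class name. In the project from the question this override
// would be merged into CustomOAuthProvider.
public class ClientAwareLifetimeProvider : OAuthAuthorizationServerProvider
{
    // Lifetime for mobile clients, matching the 1 year from the question.
    private static readonly TimeSpan MobileLifetime = TimeSpan.FromDays(365);

    // Assumption: called after the middleware has stamped IssuedUtc and
    // ExpiresUtc from AccessTokenExpireTimeSpan, and before
    // AccessTokenFormat.Protect serializes the ticket.
    public override Task TokenEndpoint(OAuthTokenEndpointContext context)
    {
        // Header name and value as used in the question. Get returns null
        // when the header is absent, so no exception is thrown here.
        // The header is supplied by the client, so any caller that sends
        // this value receives the long-lived token; binding the lifetime
        // to the authenticated client_id avoids that.
        string appId = context.Request.Headers.Get("my-custom-header");

        if (string.Equals(appId, "mobileappheader",
                          StringComparison.OrdinalIgnoreCase))
        {
            DateTimeOffset issued =
                context.Properties.IssuedUtc ?? DateTimeOffset.UtcNow;

            // Changing the ticket changes both values: Protect reads this
            // for the JWT expiry, and the middleware reads it for expires_in.
            context.Properties.ExpiresUtc = issued.Add(MobileLifetime);
        }

        return Task.FromResult<object>(null);
    }
}
```

With this in place, the extra header check inside Protect is no longer needed, because the ticket already carries the intended expiry when it reaches CustomJwtFormat.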

