Base solution for your next web application
Open Closed

Create static access token valid for 365 days #11251

User avatar
0
omkarchoudhari created

Hi,

We are developing a client application where we are exposing APIs to external application. That external application needs a static token instead of calling Authentication API every time when token expires I tried to create seperate API like TokenAuth/Authentication to generate static token valid for 365 days but it seems to be valid only for 24 hours instead of 365 days. I set expiration time for this access token to 365 days but it dosen't seems to be working as expected.

Can you please suggest how we can achieve this through framework?

Go to accepted answer
5 Answer(s)
  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi,

    When you call CreateAccessToken method (see https://github.com/aspnetzero/aspnet-zero-core/blob/dev/aspnet-core/src/MyCompanyName.AbpZeroTemplate.Web.Core/Controllers/TokenAuthController.cs#L781), you can pass expiration time to this method. Otherwise, the default value (1 day) will be used. Are you using the similar approach ?

  • User Avatar
    0
    omkarchoudhari created

    Thank you Ismail

    We tried this option as well by passing expiration time to CreateAccessToken . As you see in above scrrenshot, access token time expire in seconds = 365 days but in actual, it is valid only for 1 day.

  • User Avatar
    0
    omkarchoudhari created

    hi Ismail,

    Reopened this ticket again

    We created a method which generates static token which is valid for 365 days by passign expiration time But, we can't use this token more than a day It is throwing error "Current user did not login to the application"

    Can you please help me to resolve this issue?

    Token error =>

    Token Expiry date screenshot =>

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi,

    Does that work if you change this configuration to 365 days ?

  • User Avatar
    0
    omkarchoudhari created

    Ismail,

    I have written following code . So here I set Access token ExpireInSeconds property assigned to RefreshTokenExpiration value which is 365 days.

    var accessToken = CreateAccessToken(await CreateJwtClaims(loginResult.Identity, loginResult.User, refreshTokenKey: refreshToken.key),new TimeSpan(365,1,1,1));

         return new AuthenticateResultModel
     {
        AccessToken = accessToken,
        ExpireInSeconds = (int)_configuration.RefreshTokenExpiration.TotalSeconds,
        RefreshToken = refreshToken.token,
        RefreshTokenExpireInSeconds = (int)_configuration.RefreshTokenExpiration.TotalSeconds,
        EncryptedAccessToken = GetEncryptedAccessToken(accessToken),
        TwoFactorRememberClientToken = twoFactorRememberClientToken,
        UserId = loginResult.User.Id,
        TenantId = loginResult.Tenant?.Id,
        ReturnUrl = returnUrl,
     };

    Looks like AbpAuthorize is not validating this access token validity . can you pl confirm.

    [AbpAuthorize] public async Task<LeadOpportunityDetailDto> GetOpportunityDetail(string OpportunityId)

Assignee
No one
Labels
Non yet