Base solution for your next web application
Open Closed

Web Api Authorization - Token expiration? #2095


User avatar
0
chrisk created

Hi there,

I've got questions in regards to Token Authorization used in dynamic WebApi project. I'm able to successfully use WebApi and call authorized method once obtained token, however I don't know when and if token expires ? If so - how to check it ?

Thank you for all answers and suggestions.


4 Answer(s)
  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi,

    I dont't remember the duration right now but token expires. When you get a 401 Unauthorized response, you need to get a new token.

  • User Avatar
    0
    chrisk created

    Hi,

    Thank you very much for response. Do you know where to look to customize it ? I'm quite new to Identity and Authorization features :P

  • User Avatar
    0
    gpcaretti created

    Default token expiration should be to 20 minutes, due to the fact the OAuth2 authorization server discards it, even if you try to set it.

    A work around is to set the expiration date in AuthenticationTokenProvider.CreateAsync (the class you use for OAuthAuthorizationServerOptions.AccessTokenProvider). Set context.Ticket.Properties.ExpiresUtc with the expiration date of your choice, and it should work: Try to see: <a class="postlink" href="http://stackoverflow.com/questions/33701398/oauth2-webapi-token-expiration">http://stackoverflow.com/questions/3370 ... expiration</a>.

    See AbpLogInManager AbpSignInManager

  • User Avatar
    0
    ismcagdas created
    Support Team

    Thanks @gpcaretti :).