• Hello and welcome to our new forums. We upgraded our forum sites to a more robust and modern system which we hope you will enjoy. Be sure to check out your profile by clicking the button on the top right and configure your preferences, signature, time zone, avatar, etc. as you wish. If you need help with using this new forum'ware try the help link on the bottom right.

    Click here to review your account now.

Identity Server 3: Set different Refresh Token Expiration for a specific user

SkyFallDev2018

New member
Joined
Oct 17, 2018
Messages
4
Programming Experience
3-5
I have the following setup:
Client: AngularJS Web App
Server: ASP.NET Web API
In the server I use the IdentityFramework3 to authenticate users on my AngularJS Client that has the (oidc-token-manager) configured.
Currently I'm setting the AbsoluteRefreshTokenLifetime to 48 hours for my Client MyAngularJsApp like so:
Code:
new Client
{
    Enabled = true,
    ClientId = MyAngularJsApp.Id,
    ClientUri = MyAngularJsApp.Uri,
    ClientName = MyAngularJsApp.Name,
    Flow = Flows.Implicit,
    AllowAccessToAllScopes = true,
    IdentityTokenLifetime = 300,
    AccessTokenLifetime = 3600,
    RefreshTokenExpiration = TokenExpiration.Absolute,
    RefreshTokenUsage = TokenUsage.ReUse,
    AbsoluteRefreshTokenLifetime = TimeSpan.FromDays(2).Seconds,
    RequireConsent = false,
    RedirectUris = new List<string>
    {
        MyAngularJsApp.Uri + "/assets/idSrv/callback.html",
        MyAngularJsApp.Uri + "/assets/idSrv/silentrefreshframe.html"
    },
    PostLogoutRedirectUris = new List<string>
    {
        MyAngularJsApp.Uri + "/index.html"
    }
},
There is one specific user that will log into my client that I want to set his Refresh Token to last 100 days so that the user does not have to Authenticate in 100 days, the reason I need this specific user to have 100 days without needing to log in is because this user will be used to display a specific part of the app on a big monitor, it'll remain static for 100 days
Code:
AbsoluteRefreshTokenLifetime = TimeSpan.FromDays(100).Seconds,
How do I make it so that only this user has this refresh token lifetime?
 

jmcilhinney

C# Forum Moderator
Staff member
Joined
Apr 23, 2011
Messages
2,202
Location
Sydney, Australia
Programming Experience
10+
This:
AbsoluteRefreshTokenLifetime = TimeSpan.FromDays(100).Seconds

does not give you the number of seconds in 100 days. It will return zero. As an example of what Seconds actually does, this:
AbsoluteRefreshTokenLifetime = TimeSpan.FromSeconds(65).Seconds

would return 5, not 65. What you want is the TotalSeconds property, which gives you the whole TimeSpan as a number of seconds. Just note that it is type Double, because it includes fractional seconds, so you'll need to convert to an 'int'.
 

SkyFallDev2018

New member
Joined
Oct 17, 2018
Messages
4
Programming Experience
3-5
This:
AbsoluteRefreshTokenLifetime = TimeSpan.FromDays(100).Seconds

does not give you the number of seconds in 100 days. It will return zero. As an example of what Seconds actually does, this:
AbsoluteRefreshTokenLifetime = TimeSpan.FromSeconds(65).Seconds

would return 5, not 65. What you want is the TotalSeconds property, which gives you the whole TimeSpan as a number of seconds. Just note that it is type Double, because it includes fractional seconds, so you'll need to convert to an 'int'.
You're right I just changed it to TotalSeconds. Also do you know by any chance if there's a way to set this refresh token to 100 days just for a specific user instead of the whole client?

Lets say I have 100 users total that will be using my client, I want 99 of the users to have a Refresh Token of 2 days and that one specific user to have a Refresh Token of 100 days
 

jmcilhinney

C# Forum Moderator
Staff member
Joined
Apr 23, 2011
Messages
2,202
Location
Sydney, Australia
Programming Experience
10+
I don't know off the top of my head whether it's even possible and I don't have time to research it now, but I may be able to later. I've done a little work with Identity but not a lot.
 

SkyFallDev2018

New member
Joined
Oct 17, 2018
Messages
4
Programming Experience
3-5
I don't know off the top of my head whether it's even possible and I don't have time to research it now, but I may be able to later. I've done a little work with Identity but not a lot.
No worries man, I'm on the same boat, I don't have much experience with it I'm currently learning it, I'm wondering if it's even possible as well, the reason I want a specific user to be signed in forever (or at least 100 days) is because this user account will be used to login one time and show some constantly updating stats on a monitor so I don't want it to ever log out at any time...

Thanks
 
Top Bottom