Oauth 2.0 覆盖AccessTokenExpireTimeSpan
是否可以在自定义OAuthAuthorizationServerProvider上覆盖特定票证的默认AccessTokenExpireTimeSpan?所有其他票的默认过期时间为15分钟Oauth 2.0 覆盖AccessTokenExpireTimeSpan,oauth-2.0,asp.net-web-api2,Oauth 2.0,Asp.net Web Api2,是否可以在自定义OAuthAuthorizationServerProvider上覆盖特定票证的默认AccessTokenExpireTimeSpan?所有其他票的默认过期时间为15分钟 public public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { ... var ticket = new AuthenticationTi
public public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
...
var ticket = new AuthenticationTicket(identity, properties);
if (condition)
{
ticket.Properties.IssuedUtc = DateTime.UtcNow;
ticket.Properties.ExpiresUtc = DateTime.UtcNow.AddDays(14);
}
context.Validated(ticket);
}
生成的条件==true的令牌具有默认过期时间(15分钟)。我不想更改context.Options.AccessTokenExpireTimeSpan,因为它会影响所有令牌,这不是我的想法。您必须在
TokenEndPoint
方法中设置过期时间,而不是GrantResourceOwnerCredentials
方法:
public override Task TokenEndpoint(OAuthTokenEndpointContext context)
{
...
if (condition)
{
context.Properties.ExpiresUtc = DateTime.UtcNow.AddDays(14);
}
...
}
我希望有帮助
编辑
正如他在对类似问题的回答中所指出的,如果您对每个客户机id有不同的AccessTokenExpireTimeSpan
,则在验证客户机身份验证时,您可以在上下文选项中用客户机覆盖默认配置的AccessTokenExpireTimeSpan
:
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
...
context.Options.AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(client.AccessTokenExpireTime);
...
}
这适用于以下情况(哈哈):
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.Options.AccessTokenExpireTimeSpan = YourCustomExpiryTimeHere();
}
但请注意,在每次调用时都需要更新,否则您分配的最后一个值将保留在下次登录时
public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
// Note: a= how much time u want
Startup.OAuthOptions.AccessTokenExpireTimeSpan = TimeSpan.FromSeconds(a);
}
还有许多不同的选项,如:
从天、从小时、从毫秒、从分钟