Override AccessTokenExpireTimeSpan

This works in the context (ha ha) you have:

public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
     context.Options.AccessTokenExpireTimeSpan = YourCustomExpiryTimeHere();
}

But note, will need to be updated on every call or the last value you assign will be kept for the next login that occurs.

You have to set the expiration time in the TokenEndPoint method instead of GrantResourceOwnerCredentials method:

public override Task TokenEndpoint(OAuthTokenEndpointContext context)
{
    ...

    if (condition)
    {
        context.Properties.ExpiresUtc = DateTime.UtcNow.AddDays(14);
    }

    ...
}

I hope it helps.

EDIT

As pointed by Michael in his response to a similar question, if you have a different AccessTokenExpireTimeSpan for each client_id you can override the default configured AccessTokenExpireTimeSpan in the context options with the client one when validating the client authentication:

public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    ...

    context.Options.AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(client.AccessTokenExpireTime);

    ...
}

Override AccessTokenExpireTimeSpan

Tags:

Oauth 2.0

Asp.Net Web Api2

Related

Recent Posts