Question
Saturday, August 11, 2018 5:03 AM
I am developing a Web API and I am implementing security with OWIN and OAuth. The issue is that I have three different groups of users to which I need to give different expiration times, which are calculated according to certain data brought from the database.
I have tried to implement the described behavior by writing the ExpiresUtc property of the ticket:
    ticket.Properties.ExpiresUtc = // Expiration time
But this is always ignored, and the token is terminated using the ExpireTimeSpan set in the OAuthAuthorizationServerOptions object in the ConfigureOAuth method.
As I read in a Stack Overflow question, this is possibly a bug which will not be fixed; certain solutions are proposed there which I have not been able to implement.
Could someone help me implement the behavior described in my GrantResourceOwnerCredentials() method?
Note: configuring the expiration time of the tokens in the EndPoint method is not an option, since there I do not have access to the userName and Password entered, and it is based on these that I do the query with which I calculate the expiration time of the token.
All replies (5)
Monday, August 13, 2018 9:20 AM
Hi lavilaso,
You can try to recreate a new Token with the different expiration times in your controller.
    [HttpPost]
    public HttpResponseMessage ReSetToken()
    {
        // Reuse the identity of the caller, who is already authenticated.
        var identity = ((ClaimsPrincipal)User).Identity as ClaimsIdentity;
        var ticket = new AuthenticationTicket(identity, new AuthenticationProperties());
        DateTimeOffset currentUtc = new SystemClock().UtcNow;
        ticket.Properties.IssuedUtc = currentUtc;
        ticket.Properties.ExpiresUtc = currentUtc.AddMinutes(3000); // different expiration times
        // Serialize and protect the ticket with the access token format from Startup.OAuthOptions.
        string token = Startup.OAuthOptions.AccessTokenFormat.Protect(ticket);
        return new HttpResponseMessage(HttpStatusCode.OK)
        {
            Content = new ObjectContent<object>(new
            {
                accessToken = token,
            }, Configuration.Formatters.JsonFormatter)
        };
    }
Best Regards,
Yong Lu
Monday, August 13, 2018 10:53 PM
Thanks for answering.
I really do not understand much how it helps to have an exclusive driver to rebuild the token with the expiration settings that I need. Could you explain it? Who consumes that API final point, for example?
And it is really not possible to implement this behavior directly in the GrantResourceOwnerCredentials() method.
Thursday, August 16, 2018 9:54 AM
Hi lavilaso,
After getting the token of the access resource, you can call this method again to get the updated token.
There is no best way. This is a way to try. It is best to set a permission for a specific user who can invoke this method.
Best Regards,
Yong Lu
Sunday, August 19, 2018 1:05 AM
So is this the only way to set expiration times for dynamic tokens in Katana / OWIN?
Don't you think it's a cumbersome way to do it, and that it should be possible to do it directly in the GrantResourceOwnerCredentials() method?
And on the other hand, I do not understand what you mean by it being best to set the permission for a specific user to invoke this method, if the idea is to set dynamic token expiration times for all types of users.
Thanks for the help with this.
Tuesday, August 21, 2018 10:14 AM
Hi lavilaso
As far as I know, this is a way.
I recommend setting a unified initial value. After the expiration, get the token again.
Best Regards,
Yong Lu
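An added example, not code from any poster in this thread: one way to get a per-user lifetime without a second controller is to compute it in GrantResourceOwnerCredentials, carry it in the ticket's properties, and apply it in the provider's TokenEndpoint override, which runs after the configured default expiry has been stamped on the ticket. The class name, the `lifetime_minutes` key, the 12-hour ceiling and `LookupLifetimeAsync` are assumptions made for illustration; client validation is left to the derived class.

```csharp
using System;
using System.Globalization;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OAuth;

public abstract class PerUserLifetimeProvider : OAuthAuthorizationServerProvider
{
    private const string LifetimeKey = "lifetime_minutes"; // hypothetical property key
    private const double MaxMinutes = 12 * 60;             // assumed hard ceiling

    // Hypothetical: checks the credentials against the database and returns the
    // lifetime for the user's group, or null when the credentials are wrong.
    protected abstract Task<TimeSpan?> LookupLifetimeAsync(string userName, string password);

    public override async Task GrantResourceOwnerCredentials(
        OAuthGrantResourceOwnerCredentialsContext context)
    {
        TimeSpan? lifetime = await LookupLifetimeAsync(context.UserName, context.Password);
        if (lifetime == null)
        {
            context.SetError("invalid_grant", "The user name or password is incorrect.");
            return;
        }
        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
        // The user name and password are not available in TokenEndpoint, so the
        // computed value travels inside the ticket's property bag.
        var properties = new AuthenticationProperties();
        properties.Dictionary[LifetimeKey] =
            lifetime.Value.TotalMinutes.ToString(CultureInfo.InvariantCulture);
        context.Validated(new AuthenticationTicket(identity, properties));
    }

    public override Task TokenEndpoint(OAuthTokenEndpointContext context)
    {
        string raw;
        double minutes;
        if (context.Properties.Dictionary.TryGetValue(LifetimeKey, out raw) &&
            double.TryParse(raw, NumberStyles.Float, CultureInfo.InvariantCulture, out minutes) &&
            minutes > 0)
        {
            // Clamp so a bad database row cannot mint a very long-lived token.
            DateTimeOffset issued = context.Properties.IssuedUtc ?? DateTimeOffset.UtcNow;
            context.Properties.ExpiresUtc = issued.AddMinutes(Math.Min(minutes, MaxMinutes));
        }
        // When the key is absent, the lifetime configured in the options is kept.
        return Task.FromResult<object>(null);
    }
}
```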