Identity Server 3: Set different Refresh Token Expiration for a specific user RSS

• • Reply
  SkyFallDev20...

  None

  0 Points

  2 Posts

  Identity Server 3: Set different Refresh Token Expiration for a specific user

  Oct 18, 2018 12:08 AM|SkyFallDev2018|LINK

  I have the following setup:

  Client: AngularJS Web App

  Server: ASP.NET Web API

  In the server I use the IdentityFramework3 to authenticate users on my AngularJS Client that has the (oidc-token-manager) configured.

  Currently I'm setting the AbsoluteRefreshTokenLifetime to 48 hours for my Client MyAngularJsApp like so:

  new Client
  {
  	Enabled = true,
  	ClientId = MyAngularJsApp.Id,
  	ClientUri = MyAngularJsApp.Uri,
  	ClientName = MyAngularJsApp.Name,
  	Flow = Flows.Implicit,
  	AllowAccessToAllScopes = true,
  	IdentityTokenLifetime = 300,
  	AccessTokenLifetime = 3600,
  	RefreshTokenExpiration = TokenExpiration.Absolute,
  	RefreshTokenUsage = TokenUsage.ReUse,
  	AbsoluteRefreshTokenLifetime = TimeSpan.FromDays(2).Seconds,
  	RequireConsent = false,
  	RedirectUris = new List<string>
  	{
  		MyAngularJsApp.Uri + "/assets/idSrv/callback.html",
  		MyAngularJsApp.Uri + "/assets/idSrv/silentrefreshframe.html"
  	},
  	PostLogoutRedirectUris = new List<string>
  	{
  		MyAngularJsApp.Uri + "/index.html"
  	}
  },

  There is one specific user that will log into my client that I want to set his Refresh Token to last 100 days so that the user does not have to Authenticate in 100 days, the reason I need this specific user to have 100 days without needing to log in is because this user will be used to display a specific part of the app on a big monitor, it'll remain static for 100 days

  AbsoluteRefreshTokenLifetime = TimeSpan.FromDays(100).Seconds,

    How do I make it so that only this user has this refresh token lifetime?

• • Reply
  Nan Yu

  All-Star

  18815 Points

  3831 Posts

  Re: Identity Server 3: Set different Refresh Token Expiration for a specific user

  Oct 19, 2018 06:44 AM|Nan Yu|LINK

  Hi SkyFallDev2018 ,

  I don't think identity server 3 supports dynamic registration for clients but not sure , you can confirm that on their support channel :

  https://github.com/IdentityServer/IdentityServer3/issues 

  As a workaround , you can register two clients , and only the specific user can authenticate in that client which has special configuration .

  Best Regards,

  Nan Yu

• • Reply
  SkyFallDev20...

  None

  0 Points

  2 Posts

  Re: Identity Server 3: Set different Refresh Token Expiration for a specific user

  Oct 19, 2018 02:31 PM|SkyFallDev2018|LINK

  That would mean I need to create two deployments of my AngularJS Client with two different domains, I was hoping for a better solution but it doesn't look like it's supported.

• • Reply
  Nan Yu

  All-Star

  18815 Points

  3831 Posts

  Re: Identity Server 3: Set different Refresh Token Expiration for a specific user

  Oct 22, 2018 06:56 AM|Nan Yu|LINK

  Hi SkyFallDev2018,

  You can confirm that feature on github support channel , in addition , you doesn't need to use two different domain .

  Best Regards,

  Nan Yu