- ABP Framework version: v3.0.4
- UI type: Angular
- DB provider: EF Core
- Tiered (MVC) or Identity Server Separated (Angular): yes
- Exception message and stack trace:
- Steps to reproduce the issue:
Could you please help us with the queries below related to the access token:
- How to prevent a user from logging in multiple times and creating multiple simultaneous sessions?
- How to set the session or token timeout in the ABP framework? How is this handled if the user is idle for some time and should be logged out?
- Currently, the JSON web token (JWT) is not encrypted and can reveal the email (username) and expiration date of the token. How to encrypt it, or is there any configuration setting?
6 Answer(s)
-
0
see https://support.abp.io/QA/Questions/536/How-to-Restrict-users-multiple-login-session
-
0
What about the 3rd point? 3. Currently, the JSON web token (JWT) is not encrypted and can reveal the email (username) and expiration date of the token. How to encrypt it, or are there any configuration settings in ABP?
Also, I didn't get a clear idea from the link below of how to implement session timeout and restrict multiple user logins for the Angular UI. Could you please elaborate on this?
https://support.abp.io/QA/Questions/536/How-to-Restrict-users-multiple-login-session
-
0
basically you can save all the generated tokens in a database table, when a new request comes, you'll query the database
did you try this https://stackoverflow.com/questions/36151800/asp-net-mvc-identity-securitystamp-signout-everywhere
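The approach in the answer above (record issued tokens, check them on each request), as an added example that is not from this thread and is not ABP or IdentityServer code. `ActiveSessionRegistry` and its members are hypothetical names, an in-memory map stands in for the database table, and the idle timeout from the question is included as an assumption about how the check would be extended.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;

// Hypothetical helper (not an ABP or IdentityServer type). The in-memory map
// stands in for the database table of issued tokens mentioned in the answer.
public sealed class ActiveSessionRegistry
{
    private sealed record Session(string TokenId, DateTimeOffset LastSeen);
    private readonly ConcurrentDictionary<Guid, Session> _sessions = new();
    private readonly TimeSpan _idleTimeout;

    public ActiveSessionRegistry(TimeSpan idleTimeout) => _idleTimeout = idleTimeout;

    // Call when a token is issued. Overwriting the entry means the newest
    // login wins and any token issued earlier for this user stops validating.
    public void RegisterLogin(Guid userId, string tokenId, DateTimeOffset now) =>
        _sessions[userId] = new Session(tokenId, now);

    // Call on every authenticated request with the token's unique id (for a
    // JWT, the "jti" claim). Rejects tokens superseded by a later login and
    // sessions that have been idle longer than the timeout.
    public bool ValidateRequest(Guid userId, string tokenId, DateTimeOffset now)
    {
        if (!_sessions.TryGetValue(userId, out var current)) return false;
        if (!string.Equals(current.TokenId, tokenId, StringComparison.Ordinal)) return false;
        if (now - current.LastSeen > _idleTimeout)
        {
            // Remove only the entry we inspected, not a login that raced in.
            _sessions.TryRemove(new KeyValuePair<Guid, Session>(userId, current));
            return false;
        }
        // Sliding idle window; a failed update means another request or a new
        // login already replaced the entry, which is safe to ignore here.
        _sessions.TryUpdate(userId, current with { LastSeen = now }, current);
        return true;
    }
}

public static class Demo
{
    public static void Main()
    {
        var registry = new ActiveSessionRegistry(TimeSpan.FromMinutes(15));
        var user = Guid.NewGuid();            // constructed sample user
        var t0 = DateTimeOffset.UtcNow;
        registry.RegisterLogin(user, "token-A", t0);                // first login
        registry.RegisterLogin(user, "token-B", t0.AddMinutes(1));  // second login
        Console.WriteLine(registry.ValidateRequest(user, "token-A", t0.AddMinutes(2)));  // superseded token
        Console.WriteLine(registry.ValidateRequest(user, "token-B", t0.AddMinutes(2)));  // current token
        Console.WriteLine(registry.ValidateRequest(user, "token-B", t0.AddMinutes(30))); // idle past timeout
    }
}
```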
-
0
basically you can save all the generated tokens in a database table, when a new request comes, you'll query the database
did you try this https://stackoverflow.com/questions/36151800/asp-net-mvc-identity-securitystamp-signout-everywhere
Can you please suggest on point #3? We have a vulnerability open which asks to encrypt the JWT payload using the JSON Web Encryption (JWE) scheme. Does ABP support it? Please advise on steps to fix it.
-
0
Any update on this request? Please advise.
-
0
Hi, this is not related to the framework. Encrypting a JWT token is the subject of Identity Server, so it'd be better to ask in the IDS repository: https://github.com/IdentityServer/IdentityServer4