- ABP Framework version: v2.9
- UI type: Angular
- Tiered (MVC) or Identity Server Separated (Angular): Identity Server Separated
Hi, we can see that meanwhile token lifetime is not prolonged per each request in UI, there is a fixed lifetime that is configured (1 year by default for now, as far as I remember). We want to provide a specific token life, like 15 mins and to prolong token lifetime per each request by this value. How would you recommend to do that?
10 Answer(s)
-
0
Hi,
You can set the expiration time and use the refresh token to get a new access token
-
0
Hi, could you please make a short test example how to work with refresh_token? In current implementation (built from ABP template) we use only access_token.
-
0
Hi,
Please see the document: https://identityserver4.readthedocs.io/en/latest/topics/refresh_tokens.html
-
0
Good, but from ABP-based project's prospective, does it need to be something like this in front-end part: Angular Refresh Token implementation and from back-end part probably nothing needs to be added to make it work?
-
0
Yes, you don't need to change back-end code.
-
0
OK. We implemented service on Angular side and seems like everything works now.
-
0
I can't close this ticket yet, because after installing ABP 3.2, where the authentication workflow has been changed, our refresh token funcitonality does not work anymore - user is not logged off after refresh interval passes.
We would like to know in details, how exactly the corresponding functionality has been changed since the previous ABP versions and how our code needs to be adopted to make token work again.
-
0
Hi
Now, we are using code flow. but you can still get the refresh token
-
0
OK, thanks. Where the refresh_token lifetime is set?
-
0
HI,
You can see the
IdentityServerDataSeedContributor.csin the domain project
You can also use the
IClientRepositoryto update client.var client = await _clientRepository.FindAsync(xx); client.AbsoluteRefreshTokenLifetime = ....; await _clientRepository.UpdateAsync(client);
