Hi everyone, I am trying to disable the refresh token and offline access in my app. I have followed multiple steps either here on this forum or on the internet but I haven't been successful. What I have done so far is I disabled the refresh token on the frontend (Angular) in the OpenId section and I removed the "offline_access" from the scope in the .env file. I have looked in the backend but I couldn't find anywhere to remove the refresh token in the AuthServer. Once I have done these steps, I no longer have the refresh token stored in localStorage, but the behaviour still persists. I have lowered the validation duration of the access token to 10 mins, but once it expires, the app automatically gets a new one and the user's session is extended. Basically what I'm stuck with is a never-ending user session, which is not desirable in our case.
Am I missing a step in the backend? Is there any way to force the user to re-authenticate after the session access token is expired?
- ABP Framework version: v6.0.1
- UI Type: Angular
- Database System: EF Core (PostgreSQL)
- Tiered (for MVC) or Auth Server Separated (for Angular): Auth Server Separated (for Angular)
5 Answer(s)
-
0
-
0
Hi,
It works for me
Thanks liangshiwei, that's exactly what I did and the same result I got, but the JWT access token still gets renewed after expiry even though the refresh token is not there. In your case, if you for example set the JWT token expiry time to 10 mins, does the app send a new request for a new one and get it?
-
0
ok, I will check it
-
0
Hi,
You can try this:
```csharp
// In the ConfigureServices method of the AuthServer module
context.Services.ConfigureApplicationCookie(options =>
{
    // just an example, you can use any time span you want
    options.ExpireTimeSpan = TimeSpan.FromSeconds(30);
});
```

```csharp
[ExposeServices(typeof(LoginModel))]
public class MyLoginModel : OpenIddictSupportedLoginModel
{
    public MyLoginModel(
        IAuthenticationSchemeProvider schemeProvider,
        IOptions<AbpAccountOptions> accountOptions,
        IAbpRecaptchaValidatorFactory recaptchaValidatorFactory,
        IAccountExternalProviderAppService accountExternalProviderAppService,
        ICurrentPrincipalAccessor currentPrincipalAccessor,
        IOptions<IdentityOptions> identityOptions,
        IOptionsSnapshot<Owl.reCAPTCHA.reCAPTCHAOptions> reCaptchaOptions,
        AbpOpenIddictRequestHelper openIddictRequestHelper)
        : base(schemeProvider, accountOptions, recaptchaValidatorFactory,
            accountExternalProviderAppService, currentPrincipalAccessor,
            identityOptions, reCaptchaOptions, openIddictRequestHelper)
    {
    }

    public override Task<IActionResult> OnPostAsync(string action)
    {
        // Remember me must be true, otherwise the cookie is session
        LoginInput.RememberMe = true;
        return base.OnPostAsync(action);
    }
}
```
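An added example, not part of the answer above or of ABP's own code: the cookie lifetime from the answer set as an absolute limit next to the access token lifetime, so both are defined in one place. `MyAuthServerModule` and the 10-minute value are assumptions; sliding expiration is on by default in ASP.NET Core cookie authentication, so it is switched off here to keep activity from re-issuing the cookie.

```csharp
using System;
using Microsoft.Extensions.DependencyInjection;
using Volo.Abp.Modularity;

// Hypothetical module name: put these bodies in your own AuthServer module.
public class MyAuthServerModule : AbpModule
{
    // Assumption: the 10-minute access token lifetime mentioned in the question.
    private static readonly TimeSpan AccessTokenLifetime = TimeSpan.FromMinutes(10);

    // Assumption: the login session may not outlive one access token.
    private static readonly TimeSpan LoginSessionLifetime = AccessTokenLifetime;

    public override void PreConfigureServices(ServiceConfigurationContext context)
    {
        // Lifetime of the access tokens issued by the OpenIddict server.
        PreConfigure<OpenIddictServerBuilder>(builder =>
        {
            builder.SetAccessTokenLifetime(AccessTokenLifetime);
        });
    }

    public override void ConfigureServices(ServiceConfigurationContext context)
    {
        // Lifetime of the AuthServer login cookie. While this cookie is valid,
        // an authorization request from the SPA is answered without showing
        // the login page, so it bounds how long the user stays signed in.
        context.Services.ConfigureApplicationCookie(options =>
        {
            options.ExpireTimeSpan = LoginSessionLifetime;

            // With sliding expiration enabled, a request made in the second
            // half of the window re-issues the cookie with a fresh expiry,
            // which lets an active user extend the session.
            options.SlidingExpiration = false;
        });
    }
}
```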
-
0
Thank you very much liangshiwei. That solved the issue.