Hi @maliming, thanks for your prompt reply.
With the coding solution, we need to add a quite number of policies and update the Authorize("new_policy") for all the AppService that we want to share the tenant data. If we introduce a new table then need to update code again.
can we achieve it without coding, or do we have any other alternative solution to configure permission to let another party securely retrieve/update our tenant data without using IS4 client?
Hi @maliming, thanks for your reply.
As I mentioned above, the Identity Server -> Client does not appear when I logged in as tenant admin, so I could not grant permission to this client on the tenant level.
Is there a way to achieve it without coding?
If we have to do the coding, the application service requires one policy for authenticated users:
[RemoteService(IsEnabled = false)]
[Authorize(testingAppPermissions.TestingTenancies.Default)]
public class TestingTenancyAppService : ApplicationService, ITestingTenancyAppService
the Authorize does not allow multiple policies, how to combine it with the custom policy for identity server client?
Hi @alper, I think the issue can be resolved by set the AbsoluteRefreshTokenLifetime to 30 mins instead of default 30 days, is there a way to achieve it?
Hi @maliming, if user is active in the site, we still need to refresh the token before expiration.
We just dont want to refresh token if user is inactive for a period of time (30 mins).
Hi @gterdem, sorry for taking too long to reply.
We already implemented the front-end to trigger logout if user is inactive for 30 mins and set the access token life time = 30 mins as well but it does not work for sometimes, we checked the logs and found that client side managed to call refresh token successfully.
As per Identity Server documentation, the default refresh token lifetime is 30 days: AbsoluteRefreshTokenLifetime Maximum lifetime of a refresh token in seconds. Defaults to 2592000 seconds / 30 days.
https://identityserver4.readthedocs.io/en/latest/topics/refresh_tokens.html
This client setting is not available in UI (Administration -> Identity Server -> Clients)
Is there any other way to configure it?
Hi @alper, thanks for the info.
Hi @maliming, thanks for your prompt reply, I will override this method as per screenshot, thanks.
Hi @maliming, is there any work around for this issue? we are using v.3.3.2 and dont want to upgrade to v.4.3 as it is a breaking change.
Hi @alper, will someone fix it? is there any work around for this issue?
Hi @maliming, my login page is using angular, anw, you can test with the steps below:
Run the IdentityServer with Google authentication configured:
Login successful:
then logout and check the AbpSecurityLogs table, it only captures the logout activity:
