I'm using Microsoft.IdentityModel.Tokens to create a JWT but I need a token with no expiration date, can I create that token with the CreateJwtSecurityToken function? I tried ignoring the expires parameter but that not work.
An alternative is to have the ASP.NET WEB.API to ignore the expire dates of the token using this property:
TokenValidationParameters.ValidateLifetime
You set it inside AddJwtBearer(...);
Related
I uses tymon/jwt auth package for integrate jwt api authentication in my laravel project. Now i realize my token is destroyed after a particular time. So i need to increase the expires time of the token . I trying to do it like below-
JWTAuth::attempt($input,['exp' => Carbon\Carbon::now()->addDays(150)->timestamp]))
But This way its not working . Can anyone help me?
The Authorization Server is the one that is responsible for setting expiration time of your tokens. If you're in control of the Authorization Server, then you should change some settings there.
Usually you will receive a refresh token when authorizing with an Authorization Server (the token response may contain an access token and refresh token). If you received a refresh token then you can use it to get a new access token from the Authorization Server, once your token expires.
You could change it in file
config/jwt.php
'ttl' => env('JWT_TTL', 1440)
or change in .env file
I already have issued a lot of token for an existing application on production. There was a ttl and refresh_ttl value in JWT config. I have set ttl and refresh_ttl to null so that the new tokens doesn't have an expiration time. Right now, I want to remove expiration time from all the existing tokens. How do I achieve this?
I need a token( or key) to use in API request as bearer token.
The idea is to set it once for user and access resources without login.
I tried to use access_token for it, but max expiration time is 1 day.
So, I need a token:
- With expiration time >30 days
- which can uniquely identifies user
- Contains authentication data, like roles and groups
Any idea how it can be done with OKTA?
If you're using OAuth in conjunction with Okta, you can use a refresh_token (which can have a much longer expiration - including unlimited) to fetch a new access_token.
So, you wouldn't need end user (resource owner) interaction. But, when the access_token expires, you would need to fetch a new one using the refresh_token.
I have a Web API which is issuing Bearer Token after successful login check.
And API is set with Token Expiration time as 1 day and its working fine.
What I want is to expire a that token before its scheduled time (like 1 hour) if user sends a log out request, so that token won't work after that.
Is it possible?
As per my point of view, there is no need to expire generated token manually. Though you want to do so, you need to update(refresh) token expire time to the current request time, make sense?
But in that case, you will need to create a new token every time even if user logout and login before expiration time.
Because tokens are stored on the client and not on the server, You can't manually invalid token.
I had similar problem once, in this question
I have requirement where in client makes API calls using the access token. Generating access token is one time job and I will be providing the access token to the client.I believe, the spring security has a expiry on the access token on expiry of which need to pass the request token to get a new access token. Is there a way to disable the expiry of access token, which enables the API access with single access token always?
According to the API docs, you can set a zero or negative value for the access token validity if you don't want the token to expire.
Note that this will be overridden if you have set a specific value for the client.