Is it possible define that ASP.NET Web API 2 bearer token that never expires? Any clue?
Asked
Active
Viewed 9,903 times
5
-
1ASP.NET MVC and ASP.NET Web API are different projects. – abatishchev Mar 10 '14 at 23:32
-
You can set expiration to 1 year or 100. – abatishchev Mar 10 '14 at 23:33
-
3that's a really bad idea! If you have an access token which never expires, how is it different than a password/username combination? It's even worse than that. – tugberk Mar 18 '14 at 10:25
2 Answers
7
I think we can also achieve this by using given below code
AccessTokenExpireTimeSpan = TimeSpan.MaxValue
According to MSDN,
The value of this field is equivalent to Int64.MaxValue ticks. The string representation of this value is positive 10675199.02:48:05.4775807, or slightly more than 10,675,199 days https://msdn.microsoft.com/en-us/library/system.timespan.maxvalue(v=vs.110).aspx
Ibtisam
- 141
- 2
- 10
3
I don't think you can set it to never expire but you could certainly set a longer AccessTokenExpireTimeSpan:
OAuthOptions = new OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/Token"),
Provider = new ApplicationOAuthProvider(PublicClientId, UserManagerFactory),
AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
AllowInsecureHttp = true
};
app.UseOAuthBearerTokens(OAuthOptions);
Ben Foster
- 34,340
- 40
- 176
- 285