17

I have set up an Identity Server 4 project in .NET Core 2.1, I have everything working but when I use the user manager to generate the reset password token, the token expires after 24 hours, can I change this so it's 48 hours?

My code to send the reset token looks like this:

var code = await _userManager.GeneratePasswordResetTokenAsync(user);

var callbackUrl = url.EmailConfirmationLink(user.Id, code, scheme);

My ConfigureServices looks like this:

   services.AddIdentity<ApplicationUser, IdentityRole>(config =>
        {
            config.SignIn.RequireConfirmedEmail = true;
        })
            .AddEntityFrameworkStores<ApplicationDbContext>()
            .AddDefaultTokenProviders();

Thanks :)

Scott L
  • 647
  • 3
  • 8
  • 21
  • 2
    There is no specific tokens for those links that are included to email with links like "click me". You can change time period easy but for a whole application. `serviceCollection.Configure( x => x.TokenLifespan= ? );` To achive more you will need to write your onw token provider https://www.stevejgordon.co.uk/asp-net-core-identity-token-providers and assign it to `options.Tokens.PasswordResetTokenProvider = MyProvider` – Roman Pokrovskij Oct 15 '18 at 23:51
  • Hey I tied setting the DefaultEmailProvider to 48 hours and then assigning it to the PasswordResetTokenProvider but it hasn't worked.I'll try setting it for all and see if that works. thanks :) – Scott L Oct 19 '18 at 07:49

1 Answers1

33

Adding the following code to ConfigureServices() method in Startup.cs class should help you.

services.Configure<DataProtectionTokenProviderOptions>(options =>
    options.TokenLifespan = TimeSpan.FromDays(2));

Default Token Lifespan is 24 hours (1 day). Please refer github and TokenOptions

Charmis Varghese
  • 555
  • 4
  • 9