CODEWITHSUNDEEP
c#asp.netasp.net-web-apiauthorizationbearer-token
Pavel the coder
Pavel the coder

Reputation: 575

ASP.Net Web Api how to change token expiration time in runtime

For our ASP.Net application, we have recently implemented Web API usage. We use bearer token authentication. Our customer has ordered the opportunity to change token expiration time on the settings page and store it in the database. There is no problem to get it from database and change time in Startup.Auth.cs

static Startup()
{
    SettingsService _settingService = EngineContext.Current.Resolve<SettingsService>();
    var hostSettings = _settingService.GetHostSettings();
    OAuthServerOptions = new OAuthAuthorizationServerOptions()
    {
        AllowInsecureHttp = true,
        TokenEndpointPath = new PathString("/token"),
        AccessTokenExpireTimeSpan = TimeSpan.FromHours(hostSettings.ApiTokenExpirationTimeInHours),
        Provider = new ApplicationOAuthProvider()
    };
}

But we have to restart the application each time we want to modify expiration time. How to modify AccessTokenExpireTimeSpan dynamically without app restart?

Upvotes: 3

Views: 7618

Answers (1)

Pavel the coder
Pavel the coder

Reputation: 575

The solution of this problem was quite easy. OAuthServerOptions property was made as static public property with private setter

public static OAuthAuthorizationServerOptions OAuthServerOptions { get; private set; }

So OAuth options are available outside of Startup class. And so when host settings are changed, expiration time can be freely changed

Startup.OAuthServerOptions.AccessTokenExpireTimeSpan = TimeSpan.FromHours(hostSettings.ApiTokenExpirationTimeInHours);

Upvotes: 3

Related Questions