Gimmly

Reputation: 463

Configuring JWT Token Validations Parameter cannot be set in ASP Net Core

I have a scenario in which I need to set the clock skew for JWT bearer tokens, but whatever I do, the code ignores my settings.

I have tried configuring it in multiple different sections of the Dependency Injection file in the Infrastructure Layer, but it ignores all of them.

I have this at the moment:

services.AddIdentityServer(options =>
  {
     options.IssuerUri = configuration.GetSection("MyCurrentDomainName")?.Value;
     options.Authentication.CookieLifetime = TimeSpan.FromDays(999);
     options.Authentication.CookieSlidingExpiration = true;

  }).AddApiAuthorization<ApplicationUser, ApplicationDbContext>();


services.AddAuthentication()
        .AddIdentityServerJwt();

services.Configure<JwtBearerOptions>(configuration =>
{
    configuration.TokenValidationParameters.ClockSkew = TimeSpan.FromSeconds(9875664);
});

services.TryAddEnumerable(ServiceDescriptor
    .Singleton<IConfigureOptions<JwtBearerOptions>, ConfigureBearerOptions>());

services.AddTransient<IProfileService, ProfileService>();


services.TryAddEnumerable(ServiceDescriptor
   .Singleton<IPostConfigureOptions<JwtBearerOptions>, ConfigureJwtBearerOptions>());

The code ignores my configurations and sets the clock skew to its default 5 minutes.

In the last line of the above code, I have a PostConfigurationOption, and I have set the clock skew there as well. It runs the code, but when the WebUI layer calls for the authentication, the clock skew will default to 5 minutes.

What am I doing wrong here?

Upvotes: 0

Views: 849

Answers (1)

Gordon Khanh Ng.

Reputation: 1680

services.AddIdentityServer(options =>
  {
     options.Authentication.CookieLifetime = TimeSpan.FromDays(999);
  });

If you're using a JWT token, why set the cookie lifetime?

services.Configure<JwtBearerOptions>(configuration =>
{
    configuration.TokenValidationParameters.ClockSkew = TimeSpan.FromSeconds(9875664);
});

JwtBearerOptions got registered in the app service, but internally Identity Server doesn't make use of this.

Identity Server internally makes use of the Clients table on the server to skew the clock for each client that we register. The time is specified by the corresponding columns IdentityTokenLifetime, AccessTokenLifetime, AuthorizationCodeLifetime, ConsentLifetime, AbsoluteRefreshTokenLifetime, SlidingRefreshTokenLifetime; modify them as you need.

UPDATE

The template still makes use of IdentityServer4; it doesn't make its own magic. And that's what happens in the template.

In Startup, the services call AddInfrastructure, which lets the app use an in-memory database (the default config in appSettings). Furthermore, IdentityServer takes the IdentityServerSPA option in appSettings as its profile, which gets its config at .AddApiAuthorization<ApplicationUser, ApplicationDbContext>().

Since it's a pre-config profile, you cannot mess with it.

For the clearest instruction, use a LocalDB SQL Server. I think the way to do that is clear enough in the DependencyInjection file in the Infrastructure layer. Then we'll see the table magically appear in SQL.

And if it's just a simple demo, try this:

// Modify this block code in DependencyInjection file, Infrastructure layer
services.AddIdentityServer()
                .AddApiAuthorization<ApplicationUser, ApplicationDbContext>(cfg =>
                {
                    var defaultClient = cfg.Clients["CleanArchitecture.WebUI"];
                    defaultClient.AccessTokenLifetime = 3600; // 3600s
                });

The other lifetimes for each kind of token per client can be configured as well.

Upvotes: 1
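
An added example, not part of the question or the answer above: it shows what TokenValidationParameters.ClockSkew does on the validating side, as distinct from the lifetime the issuer writes into the token. A token that expired an hour ago is rejected with zero skew and with the 5-minute default, but accepted with the 9875664-second value from the question, because the validator accepts a token while now <= exp + ClockSkew. It assumes the System.IdentityModel.Tokens.Jwt NuGet package; the signing key and token times are constructed sample values.

```csharp
// Added example (not from the question or the answer). Assumes the
// System.IdentityModel.Tokens.Jwt NuGet package; key and times are constructed.
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

// Random 256-bit HMAC key, used only inside this demo.
var keyBytes = new byte[32];
RandomNumberGenerator.Fill(keyBytes);
var key = new SymmetricSecurityKey(keyBytes);
var handler = new JwtSecurityTokenHandler();

// Constructed token: issued two hours ago, expired one hour ago.
var now = DateTime.UtcNow;
var jwt = handler.WriteToken(handler.CreateToken(new SecurityTokenDescriptor
{
    IssuedAt = now.AddHours(-2),
    NotBefore = now.AddHours(-2),
    Expires = now.AddHours(-1),
    SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256)
}));

// Validates the same token under a given skew. Issuer and audience checks
// are switched off only because this demo isolates the lifetime check.
bool Accepts(TimeSpan skew)
{
    var parameters = new TokenValidationParameters
    {
        ValidateIssuer = false,
        ValidateAudience = false,
        ValidateLifetime = true,
        IssuerSigningKey = key,
        ClockSkew = skew
    };
    try
    {
        handler.ValidateToken(jwt, parameters, out _);
        return true;
    }
    catch (SecurityTokenExpiredException)
    {
        return false;
    }
}

Console.WriteLine($"zero skew:          {Accepts(TimeSpan.Zero)}");
Console.WriteLine($"default 5 minutes:  {Accepts(TimeSpan.FromMinutes(5))}");
Console.WriteLine($"9875664 s (~114 d): {Accepts(TimeSpan.FromSeconds(9875664))}");
```

A skew of that size keeps expired tokens valid for months on the API side, so a longer session is better expressed through the client's AccessTokenLifetime, with ClockSkew kept small.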
