Identity Token-Based token expire after 15 min on server but work on local

Question

I use identity token-based and angularjs in my project, The token works properly in the local environment but expires in the server after 15 minutes. I set AccessTokenExpireTimeSpan = TimeSpan.FromDay(14) in middleware and check expire_in value in token, expire_in:1209599 equal to 14 day.

Apparently everything is right

OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions() {

            AllowInsecureHttp = true,
            TokenEndpointPath = new PathString("/token"),
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
            Provider = new ApplicationOAuthProvider(PublicClientId),
        };

        app.UseOAuthAuthorizationServer(OAuthServerOptions);
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());

My server is Plesk

My Questions :

1- Should I set this setting(Expire Timeout) elsewhere? OAuth2 WebApi Token Expiration

2- Do you really have to use RefreshToken? http://bitoftech.net/2014/07/16/enable-oauth-refresh-tokens-angularjs-app-using-asp-net-web-api-2-owin/

3- Should I Config Plesk ???

4- Is related to the virtual server and machine key ??? asp.net identity expire bearer token after 20 min

Thank you for more details

Can you check your your generated token in a place like jwt.io and see if the expiration time is equal to 14 days? How are you sure that works on local but does now work on server? — Afshar Mohebi, Dec 10 '17 at 15:16
jwt.io can't decode my token, Is the token generated by the machine key ? I use virtual host .. Maybe that's because ? — Amin reza Abedi, Dec 11 '17 at 08:33
I think your host does not have any role on the token. The key is used for signing the token. — Afshar Mohebi, Dec 11 '17 at 08:38
Have you solved this? I have the exact same problem with my server while it's working locally. — IRONicMAN, Mar 14 '18 at 02:17

score 1 · Answer 1 · answered Aug 08 '18 at 05:24

1

i resolve this after a while. you must generate a appropriate machine key and add to your project's web.config.

you can generate machine key in : http://www.allkeysgenerator.com/Random/ASP-Net-MachineKey-Generator.aspx

answered Aug 08 '18 at 05:24

Amin reza Abedi

85
1
10

very nice, i had same issue and now resolved. instead of other site reference i have added answer to following answer. – Jainish Jariwala Aug 27 '18 at 10:17

score 1 · Accepted Answer · answered Aug 27 '18 at 10:19

As Amin said, it is correct

you must generate a appropriate machine key and add to your project's web.config.

you can generate machine key in : http://www.allkeysgenerator.com/Random/ASP-Net-MachineKey-Generator.aspx

so, i have generated key as following :

<machineKey validationKey="4E6D929B83FD607A895C1E65DDEB9E76E67D06291A040817EF59FBE59126ECA038266C20D8D649C94838A4157D40A9DAE3070755EF31AED17BC39DF0BD1D88CD" decryptionKey="83B540F6E86C959734C7C053A97F15E07AC7789100D26E7420B70597C66A84CD" validation="SHA1" decryption="AES" />

and added inside <system.web> tag.

Thanks !

Identity Token-Based token expire after 15 min on server but work on local

2 Answers2