Remote auth expiration fix

src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs

@@ -138,12 +138,6 @@ public string CookieName
         /// </summary>
         public ISecureDataFormat<AuthenticationTicket> TicketDataFormat { get; set; }
 
-        /// <summary>
-        /// For testing purposes only.
-        /// </summary>
-        [EditorBrowsable(EditorBrowsableState.Never)]
-        public ISystemClock SystemClock { get; set; }
-
         /// <summary>
         /// The component used to get cookies from the request or set them on the response.
         ///

src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs

@@ -95,12 +95,6 @@ public JwtBearerOptions() : base()
         /// </summary>
         public bool RefreshOnIssuerKeyNotFound { get; set; } = true;
 
-        /// <summary>
-        /// For testing purposes only.
-        /// </summary>
-        [EditorBrowsable(EditorBrowsableState.Never)]
-        public ISystemClock SystemClock { get; set; } = new SystemClock();
-
         /// <summary>
         /// Gets the ordered list of <see cref="ISecurityTokenValidator"/> used to validate access tokens.
         /// </summary>

src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs

@@ -175,10 +175,7 @@ protected override async Task<bool> HandleUnauthorizedAsync(ChallengeContext con
                 throw new ArgumentNullException(nameof(context));
             }
 
-            var properties = new AuthenticationProperties(context.Properties)
-            {
-                ExpiresUtc = Options.SystemClock.UtcNow.Add(Options.RemoteAuthenticationTimeout)
-            };
+            var properties = new AuthenticationProperties(context.Properties);
 
             if (string.IsNullOrEmpty(properties.RedirectUri))
             {

src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs

@@ -64,11 +64,5 @@ public new IOAuthEvents Events
         /// Gets or sets the type used to secure data handled by the middleware.
         /// </summary>
         public ISecureDataFormat<AuthenticationProperties> StateDataFormat { get; set; }
-
-        /// <summary>
-        /// For testing purposes only.
-        /// </summary>
-        [EditorBrowsable(EditorBrowsableState.Never)]
-        public ISystemClock SystemClock { get; set; } = new SystemClock();
     }
 }

src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs

@@ -259,10 +259,7 @@ protected override async Task<bool> HandleUnauthorizedAsync(ChallengeContext con
             // order for local RedirectUri
             // 1. challenge.Properties.RedirectUri
             // 2. CurrentUri if RedirectUri is not set)
-            var properties = new AuthenticationProperties(context.Properties)
-            {
-                ExpiresUtc = Options.SystemClock.UtcNow.Add(Options.RemoteAuthenticationTimeout)
-            };
+            var properties = new AuthenticationProperties(context.Properties);
 
             if (string.IsNullOrEmpty(properties.RedirectUri))
             {

src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs

@@ -202,11 +202,5 @@ public new IOpenIdConnectEvents Events
         /// This is disabled by default.
         /// </summary>
         public bool SkipUnrecognizedRequests { get; set; } = false;
-
-        /// <summary>
-        /// For testing purposes only.
-        /// </summary>
-        [EditorBrowsable(EditorBrowsableState.Never)]
-        public ISystemClock SystemClock { get; set; } = new SystemClock();
     }
 }

src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs

@@ -131,10 +131,7 @@ protected override async Task<bool> HandleUnauthorizedAsync(ChallengeContext con
                 throw new ArgumentNullException(nameof(context));
             }
 
-            var properties = new AuthenticationProperties(context.Properties)
-            {
-                ExpiresUtc = Options.SystemClock.UtcNow.Add(Options.RemoteAuthenticationTimeout)
-            };
+            var properties = new AuthenticationProperties(context.Properties);
 
             if (string.IsNullOrEmpty(properties.RedirectUri))
             {

src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs

@@ -59,11 +59,5 @@ public new ITwitterEvents Events
             get { return (ITwitterEvents)base.Events; }
             set { base.Events = value; }
         }
-
-        /// <summary>
-        /// For testing purposes only.
-        /// </summary>
-        [EditorBrowsable(EditorBrowsableState.Never)]
-        public ISystemClock SystemClock { get; set; } = new SystemClock();
     }
 }

src/Microsoft.AspNetCore.Authentication/AuthenticationOptions.cs

@@ -1,7 +1,9 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Http.Authentication;
+using System.ComponentModel;
 
 namespace Microsoft.AspNetCore.Builder
 {
@@ -47,5 +49,11 @@ public string AuthenticationScheme
         /// Additional information about the authentication type which is made available to the application.
         /// </summary>
         public AuthenticationDescription Description { get; set; } = new AuthenticationDescription();
+
+        /// <summary>
+        /// For testing purposes only.
+        /// </summary>
+        [EditorBrowsable(EditorBrowsableState.Never)]
+        public ISystemClock SystemClock { get; set; } = new SystemClock();
     }
 }

src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs

@@ -149,7 +149,7 @@ protected virtual void GenerateCorrelationId(AuthenticationProperties properties
             {
                 HttpOnly = true,
                 Secure = Request.IsHttps,
-                Expires = properties.ExpiresUtc
+                Expires = Options.SystemClock.UtcNow.Add(Options.RemoteAuthenticationTimeout),
             };
 
             properties.Items[CorrelationProperty] = correlationId;