Sliding expiration

[smanaton]

Hi,

I would like to be able to use sliding expiration, the current token lasts for 5 minutes but i would like to be able to refresh the token everytime a authenticated request is made so to get a rolling 5 minutes, i'm new to vue and aspnetcore but i have worked with .net framework for many years, is this something that can be done easily?

Thanks

Shane

[mrellipse]

gday! it shouldn't be too much hassle - but it does touch just about every layer in the app.

the gist of it would be

• edit server/config/extensions.cs:76 and add a handler for OnTokenValidated
• in the handler call the local authentication service to resolve the user
• use the returned identity to obtain a new token via token service
• add the updated access token to the http response header
• edit ui/app/common/axios.ts:28, and update the axios interceptors to grab the token from response header
• save the updated access token ( add a new method authentication-service.ts, similar to the existing login.ts method )
• update the vuex store with new token expiry info

[mrellipse]

just as an FYI, this stack overflow article JWT token refresh (sliding sessions) and signout is a nice resource

i like the idea of only letting the refresh event occur a max # of times per period - just to restrict the overall time a compromised user token can be used if hijacking occurs!

[smanaton]

Thanks for this, i will give it a go.

[mrellipse]

good luck, and please let me know how it goes!

[hmuhdkamran]

This may help you, https://github.com/jacobslusser/JwtAuthRenewWebApi/blob/master/docs/Sliding-Expiration.md

[mrellipse]

stale issue. closing for now.