Open Closed

identity token expiry (absolute vs sliding) #3841


User avatar
0
shobhit created
  • ABP Framework version: v4.2.2
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:
  • Steps to reproduce the issue:"

We need to make sure that identity token is getting expired when user is inactive for 5 min. It should be sliding expiration not the absolute expiration. Please confirm 1- Is this the default behaviour in ABP or do we have to make any customization? 2- We are using "https://identityserver/connect/token" api (grant_type = Password) to get the token in our mobile app. How we can achieve sliding expiration?


2 Answer(s)
  • User Avatar
    1
    maliming created
    Support Team

    hi

    You can refer to Identity Server documentation, ABP framework has not changed its behavior.

  • User Avatar
    1
    berkansasmaz created
    Support Team

    The topic doesn't seem to be related to ABP as Maliming said, but I would like to mention a few resources that you may find useful.

    Unfortunately, this is not the default behavior. However, you can do this easily.

    Note: You can find more information about the default behavior here.

    If you want to know more about how to set the sliding expiration, please see here

    I can also recommend you to look at the IdentityServer's documents related to this subject.

    In its simplest form, it should be similar to the following code:

    SlidingRefreshTokenLifetime = (int)TimeSpan.FromMinutes(5).TotalSeconds,
    RefreshTokenExpiration = (int)TokenExpiration.Sliding,
    AccessTokenLifetime = (int)TimeSpan.FromMinutes(3).TotalSeconds,
    
Made with ❤️ on ABP v9.1.0-rc.1. Updated on January 17, 2025, 14:13