Determine if AccessToken is expired
I am using the hybrid flow with the refresh token. I want to limit the calls from my web server to my Auth/Resource servers i.e. unauthorized errors from the resource server and unnecessary updates of the access token
Question:
Is there an expiry date on the access token or a way to add the expiry or issued date time to the Access token? I want to use this to test before refreshing the tokens.
I want to do this validation on the webserver. I just need the issued date on the access token
I do understand that the expiry date is not full proof and the token may still be invalid but I can cater for that scenario when it arises.
Thank you
asp.net-core-2.0 identityserver4
asked Nov 12 '18 at 15:09
David
3,082123256
add a comment |
I am using the hybrid flow with the refresh token. I want to limit the calls from my web server to my Auth/Resource servers i.e. unauthorized errors from the resource server and unnecessary updates of the access token
Question:
Is there an expiry date on the access token or a way to add the expiry or issued date time to the Access token? I want to use this to test before refreshing the tokens.
I want to do this validation on the webserver. I just need the issued date on the access token
I do understand that the expiry date is not full proof and the token may still be invalid but I can cater for that scenario when it arises.
Thank you
asp.net-core-2.0 identityserver4
asked Nov 12 '18 at 15:09
David
3,082123256
Usually the JWT-middleware does that by default. How does your code look like? Who generated the token and how is it generated?
– alsami
Nov 12 '18 at 15:17
For which token do you want to validate the expiration? And you are talking client side? You want to check on the client if a token is still valid and only if otherwise then use the refresh token?
– Ruard van Elburg
Nov 12 '18 at 21:29
I have a web server, auth server and resource server. I want to validate the token on the webserver side before requesting data from the resource server. I want to validate the access token
– David
Nov 13 '18 at 8:00
add a comment |
I am using the hybrid flow with the refresh token. I want to limit the calls from my web server to my Auth/Resource servers i.e. unauthorized errors from the resource server and unnecessary updates of the access token
Question:
Is there an expiry date on the access token or a way to add the expiry or issued date time to the Access token? I want to use this to test before refreshing the tokens.
I want to do this validation on the webserver. I just need the issued date on the access token
I do understand that the expiry date is not full proof and the token may still be invalid but I can cater for that scenario when it arises.
Thank you
asp.net-core-2.0 identityserver4
asked Nov 12 '18 at 15:09
David
3,082123256
I am using the hybrid flow with the refresh token. I want to limit the calls from my web server to my Auth/Resource servers i.e. unauthorized errors from the resource server and unnecessary updates of the access token
Question:
Is there an expiry date on the access token or a way to add the expiry or issued date time to the Access token? I want to use this to test before refreshing the tokens.
I want to do this validation on the webserver. I just need the issued date on the access token
I do understand that the expiry date is not full proof and the token may still be invalid but I can cater for that scenario when it arises.
Thank you
asp.net-core-2.0 identityserver4
asp.net-core-2.0 identityserver4
asked Nov 12 '18 at 15:09
David
3,082123256
asked Nov 12 '18 at 15:09
David
3,082123256
edited Nov 13 '18 at 8:02
asked Nov 12 '18 at 15:09
David
3,082123256
asked Nov 12 '18 at 15:09
David
3,082123256
asked Nov 12 '18 at 15:09
David
3,082123256
3,082123256
Usually the JWT-middleware does that by default. How does your code look like? Who generated the token and how is it generated?
– alsami
Nov 12 '18 at 15:17
For which token do you want to validate the expiration? And you are talking client side? You want to check on the client if a token is still valid and only if otherwise then use the refresh token?
– Ruard van Elburg
Nov 12 '18 at 21:29
I have a web server, auth server and resource server. I want to validate the token on the webserver side before requesting data from the resource server. I want to validate the access token
– David
Nov 13 '18 at 8:00
add a comment |
Usually the JWT-middleware does that by default. How does your code look like? Who generated the token and how is it generated?
– alsami
Nov 12 '18 at 15:17
For which token do you want to validate the expiration? And you are talking client side? You want to check on the client if a token is still valid and only if otherwise then use the refresh token?
– Ruard van Elburg
Nov 12 '18 at 21:29
I have a web server, auth server and resource server. I want to validate the token on the webserver side before requesting data from the resource server. I want to validate the access token
– David
Nov 13 '18 at 8:00
Usually the JWT-middleware does that by default. How does your code look like? Who generated the token and how is it generated?
– alsami
Nov 12 '18 at 15:17
Usually the JWT-middleware does that by default. How does your code look like? Who generated the token and how is it generated?
– alsami
Nov 12 '18 at 15:17
For which token do you want to validate the expiration? And you are talking client side? You want to check on the client if a token is still valid and only if otherwise then use the refresh token?
– Ruard van Elburg
Nov 12 '18 at 21:29
For which token do you want to validate the expiration? And you are talking client side? You want to check on the client if a token is still valid and only if otherwise then use the refresh token?
– Ruard van Elburg
Nov 12 '18 at 21:29
I have a web server, auth server and resource server. I want to validate the token on the webserver side before requesting data from the resource server. I want to validate the access token
– David
Nov 13 '18 at 8:00
I have a web server, auth server and resource server. I want to validate the token on the webserver side before requesting data from the resource server. I want to validate the access token
– David
Nov 13 '18 at 8:00
add a comment |
2 Answers
2
active
oldest
votes
The web server is the client. The client can read the expiration time (which is already part of the access token) like this:
using System.IdentityModel.Tokens.Jwt;
public class HomeController : Controller
{
public async Task<IActionResult> CallApiUsingUserAccessToken()
{
var accessToken = await HttpContext.GetTokenAsync("access_token");
// Read expiration time
var tokenHandler = new JwtSecurityTokenHandler();
var jwtSecurityToken = tokenHandler.ReadJwtToken(accessToken);
var validTo = jwtSecurityToken.ValidTo;
// ...
}
}
I've just added the lines concerning reading the expiration time. HomeController is part of the MvcClient project which is available in the 5_HybridFlowAuthenticationWithApiAccess sample.
answered Nov 13 '18 at 11:09
Ruard van Elburg
5,26621125
You are AMAZING!!!
– David
Nov 13 '18 at 16:03
Please have a look at stackoverflow.com/questions/53285495/…. Thank you
– David
Nov 13 '18 at 17:02
add a comment |
The client configuration allows for the following properties to be set regarding access token lifetime:
AccessTokenLifetime: Lifetime of access token in seconds
AbsoluteRefreshTokenLifetime: Max lifetime of a refresh token
RefreshTokenExpiration: Fixed time expiration (has both absolute and sliding options)
Here is the documentation around this:
http://docs.identityserver.io/en/release/reference/client.html
answered Nov 12 '18 at 15:24
user1011627
1,1981017
Is there at least a way for me to add an issued date to the access token? then I could use this to see when it will expire
– David
Nov 13 '18 at 7:24
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53264982%2fdetermine-if-accesstoken-is-expired%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
The web server is the client. The client can read the expiration time (which is already part of the access token) like this:
using System.IdentityModel.Tokens.Jwt;
public class HomeController : Controller
{
public async Task<IActionResult> CallApiUsingUserAccessToken()
{
var accessToken = await HttpContext.GetTokenAsync("access_token");
// Read expiration time
var tokenHandler = new JwtSecurityTokenHandler();
var jwtSecurityToken = tokenHandler.ReadJwtToken(accessToken);
var validTo = jwtSecurityToken.ValidTo;
// ...
}
}
I've just added the lines concerning reading the expiration time. HomeController is part of the MvcClient project which is available in the 5_HybridFlowAuthenticationWithApiAccess sample.
answered Nov 13 '18 at 11:09
Ruard van Elburg
5,26621125
You are AMAZING!!!
– David
Nov 13 '18 at 16:03
Please have a look at stackoverflow.com/questions/53285495/…. Thank you
– David
Nov 13 '18 at 17:02
add a comment |
The web server is the client. The client can read the expiration time (which is already part of the access token) like this:
using System.IdentityModel.Tokens.Jwt;
public class HomeController : Controller
{
public async Task<IActionResult> CallApiUsingUserAccessToken()
{
var accessToken = await HttpContext.GetTokenAsync("access_token");
// Read expiration time
var tokenHandler = new JwtSecurityTokenHandler();
var jwtSecurityToken = tokenHandler.ReadJwtToken(accessToken);
var validTo = jwtSecurityToken.ValidTo;
// ...
}
}
I've just added the lines concerning reading the expiration time. HomeController is part of the MvcClient project which is available in the 5_HybridFlowAuthenticationWithApiAccess sample.
answered Nov 13 '18 at 11:09
Ruard van Elburg
5,26621125
You are AMAZING!!!
– David
Nov 13 '18 at 16:03
Please have a look at stackoverflow.com/questions/53285495/…. Thank you
– David
Nov 13 '18 at 17:02
add a comment |
The web server is the client. The client can read the expiration time (which is already part of the access token) like this:
using System.IdentityModel.Tokens.Jwt;
public class HomeController : Controller
{
public async Task<IActionResult> CallApiUsingUserAccessToken()
{
var accessToken = await HttpContext.GetTokenAsync("access_token");
// Read expiration time
var tokenHandler = new JwtSecurityTokenHandler();
var jwtSecurityToken = tokenHandler.ReadJwtToken(accessToken);
var validTo = jwtSecurityToken.ValidTo;
// ...
}
}
I've just added the lines concerning reading the expiration time. HomeController is part of the MvcClient project which is available in the 5_HybridFlowAuthenticationWithApiAccess sample.
answered Nov 13 '18 at 11:09
Ruard van Elburg
5,26621125
The web server is the client. The client can read the expiration time (which is already part of the access token) like this:
using System.IdentityModel.Tokens.Jwt;
public class HomeController : Controller
{
public async Task<IActionResult> CallApiUsingUserAccessToken()
{
var accessToken = await HttpContext.GetTokenAsync("access_token");
// Read expiration time
var tokenHandler = new JwtSecurityTokenHandler();
var jwtSecurityToken = tokenHandler.ReadJwtToken(accessToken);
var validTo = jwtSecurityToken.ValidTo;
// ...
}
}
I've just added the lines concerning reading the expiration time. HomeController is part of the MvcClient project which is available in the 5_HybridFlowAuthenticationWithApiAccess sample.
answered Nov 13 '18 at 11:09
Ruard van Elburg
5,26621125
answered Nov 13 '18 at 11:09
Ruard van Elburg
5,26621125
answered Nov 13 '18 at 11:09
Ruard van Elburg
5,26621125
answered Nov 13 '18 at 11:09
Ruard van Elburg
5,26621125
5,26621125
You are AMAZING!!!
– David
Nov 13 '18 at 16:03
Please have a look at stackoverflow.com/questions/53285495/…. Thank you
– David
Nov 13 '18 at 17:02
add a comment |
You are AMAZING!!!
– David
Nov 13 '18 at 16:03
Please have a look at stackoverflow.com/questions/53285495/…. Thank you
– David
Nov 13 '18 at 17:02
You are AMAZING!!!
– David
Nov 13 '18 at 16:03
You are AMAZING!!!
– David
Nov 13 '18 at 16:03
Please have a look at stackoverflow.com/questions/53285495/…. Thank you
– David
Nov 13 '18 at 17:02
Please have a look at stackoverflow.com/questions/53285495/…. Thank you
– David
Nov 13 '18 at 17:02
add a comment |
The client configuration allows for the following properties to be set regarding access token lifetime:
AccessTokenLifetime: Lifetime of access token in seconds
AbsoluteRefreshTokenLifetime: Max lifetime of a refresh token
RefreshTokenExpiration: Fixed time expiration (has both absolute and sliding options)
Here is the documentation around this:
http://docs.identityserver.io/en/release/reference/client.html
answered Nov 12 '18 at 15:24
user1011627
1,1981017
Is there at least a way for me to add an issued date to the access token? then I could use this to see when it will expire
– David
Nov 13 '18 at 7:24
add a comment |
The client configuration allows for the following properties to be set regarding access token lifetime:
AccessTokenLifetime: Lifetime of access token in seconds
AbsoluteRefreshTokenLifetime: Max lifetime of a refresh token
RefreshTokenExpiration: Fixed time expiration (has both absolute and sliding options)
Here is the documentation around this:
http://docs.identityserver.io/en/release/reference/client.html
answered Nov 12 '18 at 15:24
user1011627
1,1981017
Is there at least a way for me to add an issued date to the access token? then I could use this to see when it will expire
– David
Nov 13 '18 at 7:24
add a comment |
The client configuration allows for the following properties to be set regarding access token lifetime:
AccessTokenLifetime: Lifetime of access token in seconds
AbsoluteRefreshTokenLifetime: Max lifetime of a refresh token
RefreshTokenExpiration: Fixed time expiration (has both absolute and sliding options)
Here is the documentation around this:
http://docs.identityserver.io/en/release/reference/client.html
answered Nov 12 '18 at 15:24
user1011627
1,1981017
The client configuration allows for the following properties to be set regarding access token lifetime:
AccessTokenLifetime: Lifetime of access token in seconds
AbsoluteRefreshTokenLifetime: Max lifetime of a refresh token
RefreshTokenExpiration: Fixed time expiration (has both absolute and sliding options)
Here is the documentation around this:
http://docs.identityserver.io/en/release/reference/client.html
answered Nov 12 '18 at 15:24
user1011627
1,1981017
answered Nov 12 '18 at 15:24
user1011627
1,1981017
answered Nov 12 '18 at 15:24
user1011627
1,1981017
answered Nov 12 '18 at 15:24
user1011627
1,1981017
1,1981017
Is there at least a way for me to add an issued date to the access token? then I could use this to see when it will expire
– David
Nov 13 '18 at 7:24
add a comment |
Is there at least a way for me to add an issued date to the access token? then I could use this to see when it will expire
– David
Nov 13 '18 at 7:24
Is there at least a way for me to add an issued date to the access token? then I could use this to see when it will expire
– David
Nov 13 '18 at 7:24
Is there at least a way for me to add an issued date to the access token? then I could use this to see when it will expire
– David
Nov 13 '18 at 7:24
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53264982%2fdetermine-if-accesstoken-is-expired%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Usually the JWT-middleware does that by default. How does your code look like? Who generated the token and how is it generated?
– alsami
Nov 12 '18 at 15:17
For which token do you want to validate the expiration? And you are talking client side? You want to check on the client if a token is still valid and only if otherwise then use the refresh token?
– Ruard van Elburg
Nov 12 '18 at 21:29
I have a web server, auth server and resource server. I want to validate the token on the webserver side before requesting data from the resource server. I want to validate the access token
– David
Nov 13 '18 at 8:00