Determine if AccessToken is expired












0














I am using the hybrid flow with the refresh token. I want to limit the calls from my web server to my Auth/Resource servers i.e. unauthorized errors from the resource server and unnecessary updates of the access token



Question:
Is there an expiry date on the access token or a way to add the expiry or issued date time to the Access token? I want to use this to test before refreshing the tokens.



I want to do this validation on the webserver. I just need the issued date on the access token



I do understand that the expiry date is not full proof and the token may still be invalid but I can cater for that scenario when it arises.



Thank you










share|improve this question
























  • Usually the JWT-middleware does that by default. How does your code look like? Who generated the token and how is it generated?
    – alsami
    Nov 12 '18 at 15:17












  • For which token do you want to validate the expiration? And you are talking client side? You want to check on the client if a token is still valid and only if otherwise then use the refresh token?
    – Ruard van Elburg
    Nov 12 '18 at 21:29










  • I have a web server, auth server and resource server. I want to validate the token on the webserver side before requesting data from the resource server. I want to validate the access token
    – David
    Nov 13 '18 at 8:00


















0














I am using the hybrid flow with the refresh token. I want to limit the calls from my web server to my Auth/Resource servers i.e. unauthorized errors from the resource server and unnecessary updates of the access token



Question:
Is there an expiry date on the access token or a way to add the expiry or issued date time to the Access token? I want to use this to test before refreshing the tokens.



I want to do this validation on the webserver. I just need the issued date on the access token



I do understand that the expiry date is not full proof and the token may still be invalid but I can cater for that scenario when it arises.



Thank you










share|improve this question
























  • Usually the JWT-middleware does that by default. How does your code look like? Who generated the token and how is it generated?
    – alsami
    Nov 12 '18 at 15:17












  • For which token do you want to validate the expiration? And you are talking client side? You want to check on the client if a token is still valid and only if otherwise then use the refresh token?
    – Ruard van Elburg
    Nov 12 '18 at 21:29










  • I have a web server, auth server and resource server. I want to validate the token on the webserver side before requesting data from the resource server. I want to validate the access token
    – David
    Nov 13 '18 at 8:00
















0












0








0







I am using the hybrid flow with the refresh token. I want to limit the calls from my web server to my Auth/Resource servers i.e. unauthorized errors from the resource server and unnecessary updates of the access token



Question:
Is there an expiry date on the access token or a way to add the expiry or issued date time to the Access token? I want to use this to test before refreshing the tokens.



I want to do this validation on the webserver. I just need the issued date on the access token



I do understand that the expiry date is not full proof and the token may still be invalid but I can cater for that scenario when it arises.



Thank you










share|improve this question















I am using the hybrid flow with the refresh token. I want to limit the calls from my web server to my Auth/Resource servers i.e. unauthorized errors from the resource server and unnecessary updates of the access token



Question:
Is there an expiry date on the access token or a way to add the expiry or issued date time to the Access token? I want to use this to test before refreshing the tokens.



I want to do this validation on the webserver. I just need the issued date on the access token



I do understand that the expiry date is not full proof and the token may still be invalid but I can cater for that scenario when it arises.



Thank you







asp.net-core-2.0 identityserver4






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 13 '18 at 8:02

























asked Nov 12 '18 at 15:09









David

3,082123256




3,082123256












  • Usually the JWT-middleware does that by default. How does your code look like? Who generated the token and how is it generated?
    – alsami
    Nov 12 '18 at 15:17












  • For which token do you want to validate the expiration? And you are talking client side? You want to check on the client if a token is still valid and only if otherwise then use the refresh token?
    – Ruard van Elburg
    Nov 12 '18 at 21:29










  • I have a web server, auth server and resource server. I want to validate the token on the webserver side before requesting data from the resource server. I want to validate the access token
    – David
    Nov 13 '18 at 8:00




















  • Usually the JWT-middleware does that by default. How does your code look like? Who generated the token and how is it generated?
    – alsami
    Nov 12 '18 at 15:17












  • For which token do you want to validate the expiration? And you are talking client side? You want to check on the client if a token is still valid and only if otherwise then use the refresh token?
    – Ruard van Elburg
    Nov 12 '18 at 21:29










  • I have a web server, auth server and resource server. I want to validate the token on the webserver side before requesting data from the resource server. I want to validate the access token
    – David
    Nov 13 '18 at 8:00


















Usually the JWT-middleware does that by default. How does your code look like? Who generated the token and how is it generated?
– alsami
Nov 12 '18 at 15:17






Usually the JWT-middleware does that by default. How does your code look like? Who generated the token and how is it generated?
– alsami
Nov 12 '18 at 15:17














For which token do you want to validate the expiration? And you are talking client side? You want to check on the client if a token is still valid and only if otherwise then use the refresh token?
– Ruard van Elburg
Nov 12 '18 at 21:29




For which token do you want to validate the expiration? And you are talking client side? You want to check on the client if a token is still valid and only if otherwise then use the refresh token?
– Ruard van Elburg
Nov 12 '18 at 21:29












I have a web server, auth server and resource server. I want to validate the token on the webserver side before requesting data from the resource server. I want to validate the access token
– David
Nov 13 '18 at 8:00






I have a web server, auth server and resource server. I want to validate the token on the webserver side before requesting data from the resource server. I want to validate the access token
– David
Nov 13 '18 at 8:00














2 Answers
2






active

oldest

votes


















1














The web server is the client. The client can read the expiration time (which is already part of the access token) like this:



using System.IdentityModel.Tokens.Jwt;

public class HomeController : Controller
{

public async Task<IActionResult> CallApiUsingUserAccessToken()
{
var accessToken = await HttpContext.GetTokenAsync("access_token");

// Read expiration time
var tokenHandler = new JwtSecurityTokenHandler();
var jwtSecurityToken = tokenHandler.ReadJwtToken(accessToken);

var validTo = jwtSecurityToken.ValidTo;

// ...
}
}


I've just added the lines concerning reading the expiration time. HomeController is part of the MvcClient project which is available in the 5_HybridFlowAuthenticationWithApiAccess sample.






share|improve this answer





















  • You are AMAZING!!!
    – David
    Nov 13 '18 at 16:03










  • Please have a look at stackoverflow.com/questions/53285495/…. Thank you
    – David
    Nov 13 '18 at 17:02



















0














The client configuration allows for the following properties to be set regarding access token lifetime:



AccessTokenLifetime: Lifetime of access token in seconds



AbsoluteRefreshTokenLifetime: Max lifetime of a refresh token



RefreshTokenExpiration: Fixed time expiration (has both absolute and sliding options)



Here is the documentation around this:
http://docs.identityserver.io/en/release/reference/client.html






share|improve this answer





















  • Is there at least a way for me to add an issued date to the access token? then I could use this to see when it will expire
    – David
    Nov 13 '18 at 7:24











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53264982%2fdetermine-if-accesstoken-is-expired%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























2 Answers
2






active

oldest

votes








2 Answers
2






active

oldest

votes









active

oldest

votes






active

oldest

votes









1














The web server is the client. The client can read the expiration time (which is already part of the access token) like this:



using System.IdentityModel.Tokens.Jwt;

public class HomeController : Controller
{

public async Task<IActionResult> CallApiUsingUserAccessToken()
{
var accessToken = await HttpContext.GetTokenAsync("access_token");

// Read expiration time
var tokenHandler = new JwtSecurityTokenHandler();
var jwtSecurityToken = tokenHandler.ReadJwtToken(accessToken);

var validTo = jwtSecurityToken.ValidTo;

// ...
}
}


I've just added the lines concerning reading the expiration time. HomeController is part of the MvcClient project which is available in the 5_HybridFlowAuthenticationWithApiAccess sample.






share|improve this answer





















  • You are AMAZING!!!
    – David
    Nov 13 '18 at 16:03










  • Please have a look at stackoverflow.com/questions/53285495/…. Thank you
    – David
    Nov 13 '18 at 17:02
















1














The web server is the client. The client can read the expiration time (which is already part of the access token) like this:



using System.IdentityModel.Tokens.Jwt;

public class HomeController : Controller
{

public async Task<IActionResult> CallApiUsingUserAccessToken()
{
var accessToken = await HttpContext.GetTokenAsync("access_token");

// Read expiration time
var tokenHandler = new JwtSecurityTokenHandler();
var jwtSecurityToken = tokenHandler.ReadJwtToken(accessToken);

var validTo = jwtSecurityToken.ValidTo;

// ...
}
}


I've just added the lines concerning reading the expiration time. HomeController is part of the MvcClient project which is available in the 5_HybridFlowAuthenticationWithApiAccess sample.






share|improve this answer





















  • You are AMAZING!!!
    – David
    Nov 13 '18 at 16:03










  • Please have a look at stackoverflow.com/questions/53285495/…. Thank you
    – David
    Nov 13 '18 at 17:02














1












1








1






The web server is the client. The client can read the expiration time (which is already part of the access token) like this:



using System.IdentityModel.Tokens.Jwt;

public class HomeController : Controller
{

public async Task<IActionResult> CallApiUsingUserAccessToken()
{
var accessToken = await HttpContext.GetTokenAsync("access_token");

// Read expiration time
var tokenHandler = new JwtSecurityTokenHandler();
var jwtSecurityToken = tokenHandler.ReadJwtToken(accessToken);

var validTo = jwtSecurityToken.ValidTo;

// ...
}
}


I've just added the lines concerning reading the expiration time. HomeController is part of the MvcClient project which is available in the 5_HybridFlowAuthenticationWithApiAccess sample.






share|improve this answer












The web server is the client. The client can read the expiration time (which is already part of the access token) like this:



using System.IdentityModel.Tokens.Jwt;

public class HomeController : Controller
{

public async Task<IActionResult> CallApiUsingUserAccessToken()
{
var accessToken = await HttpContext.GetTokenAsync("access_token");

// Read expiration time
var tokenHandler = new JwtSecurityTokenHandler();
var jwtSecurityToken = tokenHandler.ReadJwtToken(accessToken);

var validTo = jwtSecurityToken.ValidTo;

// ...
}
}


I've just added the lines concerning reading the expiration time. HomeController is part of the MvcClient project which is available in the 5_HybridFlowAuthenticationWithApiAccess sample.







share|improve this answer












share|improve this answer



share|improve this answer










answered Nov 13 '18 at 11:09









Ruard van Elburg

5,26621125




5,26621125












  • You are AMAZING!!!
    – David
    Nov 13 '18 at 16:03










  • Please have a look at stackoverflow.com/questions/53285495/…. Thank you
    – David
    Nov 13 '18 at 17:02


















  • You are AMAZING!!!
    – David
    Nov 13 '18 at 16:03










  • Please have a look at stackoverflow.com/questions/53285495/…. Thank you
    – David
    Nov 13 '18 at 17:02
















You are AMAZING!!!
– David
Nov 13 '18 at 16:03




You are AMAZING!!!
– David
Nov 13 '18 at 16:03












Please have a look at stackoverflow.com/questions/53285495/…. Thank you
– David
Nov 13 '18 at 17:02




Please have a look at stackoverflow.com/questions/53285495/…. Thank you
– David
Nov 13 '18 at 17:02













0














The client configuration allows for the following properties to be set regarding access token lifetime:



AccessTokenLifetime: Lifetime of access token in seconds



AbsoluteRefreshTokenLifetime: Max lifetime of a refresh token



RefreshTokenExpiration: Fixed time expiration (has both absolute and sliding options)



Here is the documentation around this:
http://docs.identityserver.io/en/release/reference/client.html






share|improve this answer





















  • Is there at least a way for me to add an issued date to the access token? then I could use this to see when it will expire
    – David
    Nov 13 '18 at 7:24
















0














The client configuration allows for the following properties to be set regarding access token lifetime:



AccessTokenLifetime: Lifetime of access token in seconds



AbsoluteRefreshTokenLifetime: Max lifetime of a refresh token



RefreshTokenExpiration: Fixed time expiration (has both absolute and sliding options)



Here is the documentation around this:
http://docs.identityserver.io/en/release/reference/client.html






share|improve this answer





















  • Is there at least a way for me to add an issued date to the access token? then I could use this to see when it will expire
    – David
    Nov 13 '18 at 7:24














0












0








0






The client configuration allows for the following properties to be set regarding access token lifetime:



AccessTokenLifetime: Lifetime of access token in seconds



AbsoluteRefreshTokenLifetime: Max lifetime of a refresh token



RefreshTokenExpiration: Fixed time expiration (has both absolute and sliding options)



Here is the documentation around this:
http://docs.identityserver.io/en/release/reference/client.html






share|improve this answer












The client configuration allows for the following properties to be set regarding access token lifetime:



AccessTokenLifetime: Lifetime of access token in seconds



AbsoluteRefreshTokenLifetime: Max lifetime of a refresh token



RefreshTokenExpiration: Fixed time expiration (has both absolute and sliding options)



Here is the documentation around this:
http://docs.identityserver.io/en/release/reference/client.html







share|improve this answer












share|improve this answer



share|improve this answer










answered Nov 12 '18 at 15:24









user1011627

1,1981017




1,1981017












  • Is there at least a way for me to add an issued date to the access token? then I could use this to see when it will expire
    – David
    Nov 13 '18 at 7:24


















  • Is there at least a way for me to add an issued date to the access token? then I could use this to see when it will expire
    – David
    Nov 13 '18 at 7:24
















Is there at least a way for me to add an issued date to the access token? then I could use this to see when it will expire
– David
Nov 13 '18 at 7:24




Is there at least a way for me to add an issued date to the access token? then I could use this to see when it will expire
– David
Nov 13 '18 at 7:24


















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53264982%2fdetermine-if-accesstoken-is-expired%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







這個網誌中的熱門文章

Xamarin.form Move up view when keyboard appear

Post-Redirect-Get with Spring WebFlux and Thymeleaf

Anylogic : not able to use stopDelay()