locked
Refresh Token Web API RRS feed

  • Question

  • User1690434716 posted

    I have a web API in Server, and MVC in Client. I issue access token with 30 minutes. How to khow whenever i need refresh token ?

    Monday, June 6, 2016 1:50 AM

Answers

  • User36583972 posted

    Hi Ken.N,

    You can use the following method. You can parse the token value and Refresh/updating existing Token validity.

           /// <summary>
            /// Updating existing Token validity  
            /// </summary>
            /// <param name="Token"></param>
            /// <returns></returns>
            /// using System.Security.Claims;using System.Runtime.Caching;using Microsoft.Owin.Security;using Microsoft.Owin.Infrastructure;using Microsoft.AspNet.Identity;
            public HttpResponseMessage UpdateTokenTime(string Token)
            {
                AuthenticationTicket ticket = Startup.OAuthOptions.AccessTokenFormat.Unprotect(Token);
                ClaimsIdentity identity = ticket.Identity;
                if (ticket != null && (ticket.Properties != null && ticket.Properties.ExpiresUtc.HasValue))
                {
                    if (ticket.Properties.ExpiresUtc.Value < DateTimeOffset.UtcNow)
                    {
                        //Change the time - Increased 3600 seconds
                        ticket.Properties.ExpiresUtc.Value.AddSeconds(3600);
                    }
                }
                //Token encryption protection
                string token = Startup.OAuthOptions.AccessTokenFormat.Protect(ticket);
                //Back token, the client saved.
                return new HttpResponseMessage(HttpStatusCode.OK)
                {
                    Content = new ObjectContent<object>(new
                    {
                        accessToken = token,
                        expiresIn = (int)((ticket.Properties.ExpiresUtc.Value - ticket.Properties.IssuedUtc.Value).TotalSeconds),
                    }, Configuration.Formatters.JsonFormatter)
                };
            }

    Best Regards,

    Yohann Lu

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, June 6, 2016 2:27 AM

All replies

  • User36583972 posted

    Hi Ken.N,

    You can use the following method. You can parse the token value and Refresh/updating existing Token validity.

           /// <summary>
            /// Updating existing Token validity  
            /// </summary>
            /// <param name="Token"></param>
            /// <returns></returns>
            /// using System.Security.Claims;using System.Runtime.Caching;using Microsoft.Owin.Security;using Microsoft.Owin.Infrastructure;using Microsoft.AspNet.Identity;
            public HttpResponseMessage UpdateTokenTime(string Token)
            {
                AuthenticationTicket ticket = Startup.OAuthOptions.AccessTokenFormat.Unprotect(Token);
                ClaimsIdentity identity = ticket.Identity;
                if (ticket != null && (ticket.Properties != null && ticket.Properties.ExpiresUtc.HasValue))
                {
                    if (ticket.Properties.ExpiresUtc.Value < DateTimeOffset.UtcNow)
                    {
                        //Change the time - Increased 3600 seconds
                        ticket.Properties.ExpiresUtc.Value.AddSeconds(3600);
                    }
                }
                //Token encryption protection
                string token = Startup.OAuthOptions.AccessTokenFormat.Protect(ticket);
                //Back token, the client saved.
                return new HttpResponseMessage(HttpStatusCode.OK)
                {
                    Content = new ObjectContent<object>(new
                    {
                        accessToken = token,
                        expiresIn = (int)((ticket.Properties.ExpiresUtc.Value - ticket.Properties.IssuedUtc.Value).TotalSeconds),
                    }, Configuration.Formatters.JsonFormatter)
                };
            }

    Best Regards,

    Yohann Lu

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, June 6, 2016 2:27 AM
  • User1690434716 posted

    Thanks , Yohann Lu. But let me explain my question :

    I want MVC Client auto add time for token on condition that  :

    + if expires of token <= 5 minutes --> refresh token.

    + else if User not request to MVC in 30 minutes = > return Login Page.

    My question is :

    How to check timeout of Token and Auto add time if user is using my app  ?

    Thank you. 

    Monday, June 6, 2016 4:17 AM
  • User36583972 posted

    Hi Ken.N,

    How to check timeout of Token and Auto add time if user is using my app  ?

    In Web API, the above method can check the token and verify the validity. Also can increase the validity time and returns to the client.

    If the token is defined by yourself. You can implement your needs on your own logic.

    Best Regards,

    Yohann Lu

    Wednesday, June 8, 2016 9:23 AM
  • User1690434716 posted

    I got it. Thank Yohann Lu.

    Thursday, June 9, 2016 1:45 AM