Duende Software
Eearly session expiry while using the External Identity provider #95
Unanswered
AbhiEVision
asked this question in
IdentityServer
Replies: 1 comment
-
|
Can you please indicate how this question differs from the one you already asked? |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
IdentityServer version
6.3.10
.NET version
6
Description
I made an SSO ( Single Sign On) ( MVC Application ) and intergrated Google as External Identity provider. have second project API which is in the .net 8 and its frontend is in the Angular 16.
Now i have two flow for login one is Password flow and Second one is External ( Google ) now when i am login with the Password flow my session is worked as per configuration of Client but when i am Login with Google session gonna expire early than configuration.
My Client Configuration is as per below:
IdentityTokenLifeTime: 300
AccessTokenLifeTime: 1200
AuthorizationCodeLifeTime: 300
AbsoluteRefreshTokenLifeTime: 604800 (7 Days)
RefreshTokenUsage: OneTimeOnly
RefreshTokenExpiration: Absolute
Also i configured the Application cookies as below
ExpireTimeSpan = 1 Day
SlidingExpiration = true
Here is the configuration of Identity server
Events.RaiseErrorEvents = true;
Events.RaiseFailureEvents = true;
Events.RaiseSuccessEvents = true;
EmitStaticAudienceClaim = true;
KeyManagement.DataProtectKeys = true;
ServerSideSessions.UserDisplayNameClaimType = "name";
ServerSideSessions.RemoveExpiredSessions = true;
ServerSideSessions.RemoveExpiredSessionsFrequency = TimeSpan.FromSeconds(3);
ServerSideSessions.ExpiredSessionsTriggerBackchannelLogout = true;
Authentication.CookieSlidingExpiration = true;
Authentication.CookieLifetime = TimeSpan.FromMinutes(1440); // 1 Day
also added
.AddConfigurationStore(configurationStoreOptions =>
{
configurationStoreOptions.ResolveDbContextOptions = ResolveDbContextOptions;
})
.AddOperationalStore(operationalStoreOptions =>
{
operationalStoreOptions.ResolveDbContextOptions = ResolveDbContextOptions;
operationalStoreOptions.EnableTokenCleanup = true;
operationalStoreOptions.TokenCleanupInterval = 10;
})
.AddServerSideSessions();
also added session using this
.AddSession()
and pipeline also
UseSession()
While using this configuration in Angular application i got the event of logout earlier than password flow.
Also i notice that External Expiration time 30 min after that i got the session timeout
Can anyone help me what am i doing wrong which cause the session expiry early?
Reproduction steps
No response
Expected behavior
No response
Logs
No response
Additional context
No response
Beta Was this translation helpful? Give feedback.
All reactions