search

DuendeSoftware / Support

Support for Duende Software products
20 stars 0 forks source link

How to extend inactivity timeout #1321

Closed mlaflamme49 closed 2 days ago

mlaflamme49 commented 1 week ago

Which version of Duende BFF are you using? 7.0.5 Which version of .NET are you using? 8 Describe the bug Hi, I'm using BFF and trying to extend the delay of inactivity allowed to the user before they need to log back in. Currently it expires after a few minutes even tough I set the session timeout to 3 hours. Should I send keepalive requests to my API ? I'm suspecting something is off in my configuration(see below) Thanks ` BFF builder.Services.AddAuthentication(options => { options.DefaultScheme = "cookie"; options.DefaultChallengeScheme = "oidc"; options.DefaultSignOutScheme = "oidc"; }).AddCookie("cookie", options => { // options.Cookie.Domain = ISConf.CookieDomain; options.Cookie.Name = ISConf.CookieName; options.Cookie.SameSite = SameSiteMode.Strict; options.ExpireTimeSpan = new TimeSpan(0, ISConf.SessionExpirationMinutes, 0); /3 hours/ options.SlidingExpiration = true; }).AddOpenIdConnect("oidc", options => { options.Authority = ISConf.Authority; options.ClientId = ISConf.IS.ClientId; options.ClientSecret = ISConf.IS.ClientSecret;

options.ResponseType = "code";
options.ResponseMode = "query";

options.GetClaimsFromUserInfoEndpoint = true;
options.MapInboundClaims = true;
options.SaveTokens = true;
options.Scope.Clear();
options.UseTokenLifetime = true;

foreach (var s in DefaultIdentityServerConfig.DefaultScopes) options.Scope.Add(s);
foreach (var s in DefaultIdentityServerConfig.GetApiScopes(ISConf)) options.Scope.Add(s.Name);

options.TokenValidationParameters = new()
{
    NameClaimType = "name",
    RoleClaimType = ClaimTypes.Role,
};

options.Events.OnRedirectToIdentityProvider = (ctx) =>
{
    var culture = ctx.HttpContext.Features.Get<IRequestCultureFeature>().RequestCulture.UICulture;
    if (Formation.Utilities.Localization.SupportedCultures.Contains(culture))
    {
        ctx.ProtocolMessage.UiLocales = culture.Name;
    }
    return Task.CompletedTask;
};

});

//Identity server builder.Services .AddIdentityServer(options => { options.Events.RaiseErrorEvents = true; options.Events.RaiseInformationEvents = true; options.Events.RaiseFailureEvents = true; options.Events.RaiseSuccessEvents = true;

     // see https://docs.duendesoftware.com/identityserver/v6/fundamentals/resources/
     options.EmitStaticAudienceClaim = true;
     options.LicenseKey = ISConf.DuendeKey;
     options.Authentication.CookieLifetime = new TimeSpan(0, ISConf.SessionExpirationMinutes, 0);/*3 hours*/
     options.Authentication.CookieSlidingExpiration = true;
 }).
 AddConfigurationStore(options =>
 {
     options.ConfigureDbContext = DBbuilder =>
         DBbuilder.UseSqlServer(builder.Configuration.GetConnectionString("App"),
             sql => sql.MigrationsAssembly(migrationsAssembly));
     options.DefaultSchema = "ISConfig";
 }).
 AddConfigurationStoreCache().
 AddOperationalStore(options =>
 {
     options.ConfigureDbContext = DBbuilder =>
         DBbuilder.UseSqlServer(builder.Configuration.GetConnectionString("App"),
             sql => sql.MigrationsAssembly(migrationsAssembly));

     // this enables automatic token cleanup. this is optional.
     options.EnableTokenCleanup = true;
     options.TokenCleanupInterval = 3600; // interval in seconds (default is 3600)
     options.DefaultSchema = "ISOps";
 }).
 AddAspNetIdentity<Utilisateur>().
 AddProfileService<ProfileService>();

`

RolandGuijt commented 6 days ago

This line of code might be the problem:

options.UseTokenLifetime = true;

This will ignore ExpireTimeSpan setting and will set the cookie lifetime to the lifetime of the identity token which is very short.

mlaflamme49 commented 2 days ago

It did the trick, thanks