okta / okta-aspnet

okta-aspnet
https://github.com/okta/okta-aspnet
Apache License 2.0
86 stars 52 forks source link

Okta-AspNet: OpenIdConnectOptions.UseTokenLifetime property is not configurable in the current Okta.AspNet middleware build #116

Open chickenfeetsd opened 4 years ago

chickenfeetsd commented 4 years ago

Please expose OpenIdConnectOptions.UseTokenLifetime property via OktaMvcOptions and populate the value of OpenIdConnectOptions.UseTokenLifetime property with the value from OktaMvcOptions in the OpenIdConnectAuthenticationOptionsBuilder.BuildOpenIdConnectAuthenticationOptions() function.

Use case is the following: Setup an OWIN pipeline with Cookie Middleware and OpenID Connect Middleware. With ASP.NET, the value for UseTokenLifetime is default to True, which tells the Cookie Middleware to set the session duration and validity window to be the same as id_token lifetime. There is a need to decouple the session validity window from the token, therefore, there shall be an ability to change the UseTokenLifetime value to False.

laura-rodriguez commented 4 years ago

Hi @chickenfeetsd ,

Thank you for taking the time to write this request.

We will discuss this internally with the team and prioritize accordingly. Stay tuned for updates.

aperlstein commented 2 years ago

We are running into an issue where are unable to set the cookie lifetime for a custom application, we believe because of this issue. Is there any update when the flag will be added?