Add ability to have different token lifespan for different purposes


I'm posting this at the request of Rick Anderson. It was originally posted on the User Voice site: http://aspnet.uservoice.com/forums/41199-general-asp-net/suggestions/5856602-asp-net-identity-add-ability-to-have-different-to.

We're generating tokens for password resets and user invites/registration using the GeneratePasswordResetTokenAsync() and GenerateUserTokenAsync() methods exposed by the UserManager class, respectively. We'd like to be able to have a different lifespan for each of those token types (e.g. 20 minutes for password resets and 1 week for user invites/registration). However, the DataProtectorTokenProvider class only has a single TokenLifespan that is used for all purposes.
Closed Aug 18, 2014 at 9:21 PM by raspranav
We will consider this for the next major update


rastographics wrote Jun 5, 2014 at 5:48 AM

Also, specify a separate timespan for EmailConfirmation tokens too.

uniprof wrote Dec 4, 2015 at 8:41 PM

Any news about this?

Chembeti wrote Jun 27, 2016 at 3:38 AM

It is almost 2 years since this ticket was closed; any update is highly appreciated.

gabrielmunumel wrote Mar 17 at 7:13 AM

Any update about this work item?