This project is read-only.


Add ability to have different token lifespan for different purposes


I'm posting this at the request of Rick Anderson. It was originally posted on the User Voice site:

We're generating tokens for password resets and user invites/registration using the GeneratePasswordResetTokenAsync() and GenerateUserTokenAsync() methods exposed by the UserManager class, respectively. We'd like to be able to have a different lifespan for each of those token types (e.g. 20 minutes for password resets and 1 week for user invites/registration). However, the DataProtectorTokenProvider class only has a single TokenLifespan that is used for all purposes.
Closed Aug 18, 2014 at 10:21 PM by raspranav
We will consider this for the next major update


rastographics wrote Jun 5, 2014 at 6:48 AM

Also, specify a separate timespan for EmailConfirmation tokens too.

uniprof wrote Dec 4, 2015 at 9:41 PM

Any news about this?

Chembeti wrote Jun 27, 2016 at 4:38 AM

It is almost 2 years since this ticket was closed; any update is highly appreciated.

gabrielmunumel wrote Mar 17 at 8:13 AM

Any update about this work item?