diff --git a/src/BuildingBlocks/Jwt/JwtExtensions.cs b/src/BuildingBlocks/Jwt/JwtExtensions.cs index 127fd9b..41c9f4c 100644 --- a/src/BuildingBlocks/Jwt/JwtExtensions.cs +++ b/src/BuildingBlocks/Jwt/JwtExtensions.cs @@ -5,6 +5,7 @@ using Microsoft.Extensions.DependencyInjection; namespace BuildingBlocks.Jwt; using Duende.IdentityServer.EntityFramework.Entities; +using Microsoft.IdentityModel.Tokens; public static class JwtExtensions { @@ -20,7 +21,11 @@ public static class JwtExtensions .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options => { options.Authority = jwtOptions.Authority; - options.TokenValidationParameters.ValidateAudience = false; + options.TokenValidationParameters = new TokenValidationParameters + { + ValidateAudience = false, + ClockSkew = TimeSpan.FromSeconds(2) // For prevent add default value (5min) to life time token! + }; options.RequireHttpsMetadata = jwtOptions.RequireHttpsMetadata; options.MetadataAddress= jwtOptions.MetadataAddress; }); diff --git a/src/Services/Identity/src/Identity/Configurations/Config.cs b/src/Services/Identity/src/Identity/Configurations/Config.cs index 41515cf..d1ded48 100644 --- a/src/Services/Identity/src/Identity/Configurations/Config.cs +++ b/src/Services/Identity/src/Identity/Configurations/Config.cs @@ -44,14 +44,11 @@ public static class Config new() { ClientId = "client", - AllowedGrantTypes = GrantTypes.ResourceOwnerPassword, - ClientSecrets = { new Secret("secret".Sha256()) }, - AllowedScopes = { IdentityServerConstants.StandardScopes.OpenId, @@ -60,7 +57,9 @@ public static class Config Constants.StandardScopes.PassengerApi, Constants.StandardScopes.BookingApi, Constants.StandardScopes.IdentityApi - } + }, + AccessTokenLifetime = 3600, // authorize the client to access protected resources + IdentityTokenLifetime = 3600 // authenticate the user } }; }
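Review bot: In the `@@ -20,7 +21,11 @@` hunk of JwtExtensions.cs the new `TokenValidationParameters` initializer still carries `ValidateAudience = false`, so a token the authority issued for one API is accepted by every service that calls this extension. If the access tokens carry an `aud` claim (that depends on the IdentityServer resource configuration, which is not visible here), set `ValidateAudience = true` together with a per-service `options.Audience`; if they do not, each service should enforce its own scope through an authorization policy instead. A `ClockSkew` of two seconds also leaves almost no tolerance for clock drift between the identity service and the APIs and may surface as sporadic 401s on freshly issued tokens, so a larger value such as `TimeSpan.FromSeconds(30)`, made configurable through `jwtOptions`, would be easier to operate. The comment would read better as `// Override the 5-minute default so tokens expire close to their stated lifetime`. The enclosing registration method starts and ends outside the hunk.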
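Review bot: In the `@@ -60,7 +57,9 @@` hunk of Config.cs, `IdentityTokenLifetime = 3600` raises the identity token lifetime from the IdentityServer default of 300 seconds to a full hour, while `AccessTokenLifetime = 3600` only restates the default. An identity token is normally validated once, right after sign-in, so unless a client needs the longer window the safer choice is to drop that line or keep `IdentityTokenLifetime = 300`. The trailing comments describe what each token is for rather than what the number means; `AccessTokenLifetime = 3600, // seconds (1 hour)` tells the next reader the unit. The client initializer starts outside the hunk.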