oauth 2.0 - Override AccessTokenExpireTimeSpan

Question

Is possible to override the default AccessTokenExpireTimeSpan for a specific ticket on a custom OAuthAuthorizationServerProvider? The default expiration time for all other tickets is 15 minutes.

public public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    ...
    var ticket = new AuthenticationTicket(identity, properties);

    if (condition)
    {
        ticket.Properties.IssuedUtc = DateTime.UtcNow;
        ticket.Properties.ExpiresUtc = DateTime.UtcNow.AddDays(14);
    }

    context.Validated(ticket);
}

The generated token with condition == true has the default expiration time (15 minutes). I would like to not change the context.Options.AccessTokenExpireTimeSpan because it affects all tokens and that's not the idea.

Answer 1

You have to set the expiration time in the TokenEndPoint method instead of GrantResourceOwnerCredentials method:

public override Task TokenEndpoint(OAuthTokenEndpointContext context)
{
    ...

    if (condition)
    {
        context.Properties.ExpiresUtc = DateTime.UtcNow.AddDays(14);
    }

    ...
}

I hope it helps.

EDIT

As pointed by Michael in his response to a similar question, if you have a different AccessTokenExpireTimeSpan for each client_id you can override the default configured AccessTokenExpireTimeSpan in the context options with the client one when validating the client authentication:

public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    ...

    context.Options.AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(client.AccessTokenExpireTime);

    ...
}