ASP.NET Identity: Add ability to have different token lifespan for different purposes
We're generating tokens for password resets and user invites/registration using the GeneratePasswordResetTokenAsync() and GenerateUserTokenAsync() methods exposed by the UserManager class, respectively. We'd like to be able to have a different lifespan for each of those token types (e.g. 20 minutes for password resets and 1 week for user invites/registration). However, the DataProtectorTokenProvider class only has a single TokenLifespan that is used for all purposes.
I believe this is in progress for ASP.NET Core
Any updates on this? It really is tragic that the lifespan is shared across multiple purposes. Furthermore, it will be nice to have an easy way to retrieve said lifespan at runtime.
Aravind Chembeti commented
This is required for earlier versions as well not just .Net Core.
Chris Staley commented
This has been cross-posted to CodePlex: https://aspnetidentity.codeplex.com/workitem/2228