ASP.NET Identity: Add ability to have different token lifespan for different purposes
We're generating tokens for password resets and user invites/registration using the GeneratePasswordResetTokenAsync() and GenerateUserTokenAsync() methods exposed by the UserManager class, respectively. We'd like to be able to have a different lifespan for each of those token types (e.g. 20 minutes for password resets and 1 week for user invites/registration). However, the DataProtectorTokenProvider class only has a single TokenLifespan that is used for all purposes.
I believe this is in progress for ASP.NET Core
Aravind Chembeti commented
This is required for earlier versions as well not just .Net Core.
Chris Staley commented
This has been cross-posted to CodePlex: https://aspnetidentity.codeplex.com/workitem/2228