How To Refresh Token For A Website User

Suppose, we have to redirect a user to the Login page after a certain idle time. Let's discuss how to refresh the token for another 5 minutes.

There are cases in Websites when we need to refresh a website user's authentication token, regardless of they are active or inactive. If a user is inactive, its easier to find the time and redirect user to a login page for re-authentication. 
 
Let's see how we can force refresh a user auth token. 
 
Parameters needed for the token refreshed:
 
var Data ="refresh_token="+Token+"&grant_type=refresh_token" 
 
We will send the above parameters in the token method. Here, our token method will return a new access token and refresh_token.
 
API changes for the refreshed token
 
We have to append the refreshtokenprovider like below method in the startup class.

  1. static startup() {  
  2.     OAuth = new OAuthAutherizationserverOptions {  
  3.         TokenEndPointPath = new PathString("/Token"),  
  4.             Provider = new OAuthProvider(),  
  5.             AccessTokenExpireTimeSpan = Timespan.FromMInutes(20), // Expiration time of the token  
  6.             AllowInsecureHttp = True, // for local, On production please do it false  
  7.             RefreshTokenProvider = new AppRefreshTokenProvider()  
  8.     }  
  9. }  
Code for AppRefreshTokenProvider
 
The AuthenticationTokenProvider class helps to extend the expiration time of the token. We need to override the Create and Recieve methods of AuthenticationTokenProvider class.
  1. Public class AppRefreshTokenProvider: AuthenticationTokenProvider {  
  2.     Public override void create(AuthenticationTokenCreateContext _context) {  
  3.         _context.Ticket.Properties.Expires = new DateTimeOffSet(DateTime.Now.AddMinutes(5)); //  Extending 5 minutes before expiration of token.  
  4.         _context.SetToken(_context.SerializeTicket())  
  5.     }  
  6.     Public override void receive(AuthenticationTokenReceiveContext _context) {  
  7.         _context.DeserializeTicket(_context.Token);  
  8.     }  
  9. }  
The above method extends 5 minutes in the expiration time of the token. 
 
In this blog, I have explained how you can refresh a token.