Search code examples
asp.net-corecookiesopenid-connectduende-identity-server

Duende.IdentityServer: Configuration of cookies issued to client users

Assume this setup:

Two separate hosts on two different domains:

  • one identity provider (a SSO server, which have its own front-end including login forms, profile management, etc.)
  • The other one is a mere front-end which requires authorized access and is a client for the identity provider. The authentication process works perfectly.

The lifetime of the cookies issued to the identity provider host users are correctly customized using ConfigureApplicationCookie. I want to extend the lifetime of the cookies issued to the client users.

What has been tried:

  • options.ExpireTimeSpan of ConfigureExternalCookie (Result: no change)
  • options.Authentication.CookieLifetime of AddIdentityServer (Result: messes up everything)

Duende.IdentityServer 7.0.8

.net 8

Solution

  • As this is a client side issue its solution lies in the client side.

    I just needed to configure cookies in client side:

        builder.Services
        .AddAuthentication(...)
        .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o =>
        {
            o.Cookie.MaxAge = TimeSpan.FromDays(180);
        })
        .AddOpenIdConnect(...);