Tags: asp.net-core, cookies, openid-connect, duende-identity-server

Duende.IdentityServer: Configuration of cookies issued to client users


Assume this setup:

Two separate hosts on two different domains:

  • one identity provider (an SSO server, which has its own front-end including login forms, profile management, etc.)
  • The other one is a mere front-end which requires authorized access and is a client for the identity provider. The authentication process works perfectly.

The lifetime of the cookies issued to the identity provider host users is correctly customized using ConfigureApplicationCookie. I want to extend the lifetime of the cookies issued to the client users.

What has been tried:

  • options.ExpireTimeSpan of ConfigureExternalCookie (Result: no change)
  • options.Authentication.CookieLifetime of AddIdentityServer (Result: messes up everything)

Duende.IdentityServer 7.0.8

.NET 8


Solution

  • As this is a client-side issue, its solution lies on the client side.

    I just needed to configure cookies on the client side:

        builder.Services
            .AddAuthentication(...)
            .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o =>
            {
                o.Cookie.MaxAge = TimeSpan.FromDays(180);
            })
            .AddOpenIdConnect(...);
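
A fuller client-side configuration, as an added example that is not the answerer's code: `Cookie.MaxAge` only sets how long the browser keeps the cookie, while `ExpireTimeSpan` sets how long the server accepts the ticket inside it (14 days by default), so the example sets both and keeps the long-lived cookie restricted. The authority URL, client id and configuration key are placeholders.

```csharp
// Program.cs of the client front-end (added example, placeholder values).
// Requires the Microsoft.AspNetCore.Authentication.OpenIdConnect package.
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(o =>
    {
        o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        o.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o =>
    {
        // Browser side: Max-Age attribute, how long the browser keeps the cookie.
        o.Cookie.MaxAge = TimeSpan.FromDays(180);
        // Server side: validity of the protected ticket stored in the cookie.
        // An expired ticket is rejected even if the browser still sends the
        // cookie, so keep the two values aligned.
        o.ExpireTimeSpan = TimeSpan.FromDays(180);
        o.SlidingExpiration = false; // fixed upper bound on the session length

        // A cookie that lives this long should not be readable by script
        // or travel over plain HTTP.
        o.Cookie.HttpOnly = true;
        o.Cookie.SecurePolicy = CookieSecurePolicy.Always;
        o.Cookie.SameSite = SameSiteMode.Lax;
    })
    .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, o =>
    {
        o.Authority = "https://idp.example";                          // placeholder
        o.ClientId = "web-client";                                    // placeholder
        o.ClientSecret = builder.Configuration["Oidc:ClientSecret"]; // hypothetical key
        o.ResponseType = "code";
        // false is the default: the session lifetime comes from the cookie
        // options above, not from the expiry of the token.
        o.UseTokenLifetime = false;
    });

builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapGet("/", (HttpContext ctx) => $"Hello {ctx.User.Identity?.Name}")
   .RequireAuthorization();
app.Run();
```

The client cookie is validated locally, so a session that stays valid for 180 days is not affected by the user signing out or being disabled at the identity provider unless the client adds its own revalidation.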