I've set up Web API + oauth2 bearer token authentication successfully. I get a token via the /authtoken endpoint and can use it for calls to protected areas of the web api.
However, I have set the expiration on 7 days, but the token seems only valid for about 5 minutes:
public void ConfigureOAuth(IAppBuilder app)
{
OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/authtoken"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(7),
Provider = new SimpleAuthorizationServerProvider()
};
app.UseOAuthAuthorizationServer(OAuthServerOptions);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
}
What could be wrong here?
Weird, adding a machine key to the web.config fixed it. I'm not using different servers nor different webapps so why adding a machine key works beats me, but I guess it's good practice anyway.