Why Email Confirmation Token Getting Expired After 10 Minutes [.Net 8]

Question

I must adjust the email confirmation token expiration to **30** minutes. Despite trying numerous solutions suggested on StackOverflow, none of them were successful for me.

This is the code that I use in the class Program.cs.

builder.Services.Configure<DataProtectionTokenProviderOptions>(options =>
{
    options.TokenLifespan = TimeSpan.FromMinutes(30);
});

I'm using the code snippet below to generate the confirmation token:

var token = await _userManager.GenerateEmailConfirmationTokenAsync(user);

But, when I try to validate the token by using

 var varifyAccount = await _userManager.ConfirmEmailAsync(user, token);

it returns an Invalid token If I access it after 10 minutes.

Answer 1

The usermanager.GenerateEmailConfirmationTokenAsync method will use the EmailToken provider to generate the token.And the default value for EmailToken provider should be the token provider you used when registering your identity in program.cs.Therefore, if you want to modify the token lifetime, you should modify the token provider's token lifetime properties.

Here is an example you can use as a reference:

builder.Services.AddDefaultIdentity<WebApplication7User>(options => options.SignIn.RequireConfirmedAccount = true)
    .AddRoles<IdentityRole>()
    .AddEntityFrameworkStores<WebApplication7Context>()
    .AddDefaultTokenProviders()
.AddTokenProvider<DataProtectorTokenProvider<WebApplication7User>>(TokenOptions.DefaultEmailProvider);
builder.Services.Configure<DataProtectionTokenProviderOptions>(options => options.TokenLifespan = TimeSpan.FromMinutes(3));

I can get varifyAccount successfully:

The token life cycle attribute is set successfully after the set time: