Can edit the expiration time of a refresh token

Author: habarthierry-hue

src/IdServer/SimpleIdServer.IdServer.Website/Pages/Client/ClientAdvanced.razor

@@ -128,6 +128,16 @@
                         <RadzenNumeric Name="TokenExpirationTimeInSeconds" Class="w-100" @bind-Value=@updateAdvancedClient.TokenExpirationTimeInSeconds></RadzenNumeric>
                     </div>
                 </div>
+                <!-- Refresh token expiration time -->
+                <div class="row mt-1">
+                    <div class="col-md-2">
+                        <RadzenIcon Icon="info" MouseEnter="@(args => ShowTooltip(args, Global.RefreshTokenExpirationTimeTooltip))" />
+                        <RadzenLabel Text="@Global.RefreshTokenExpirationTime" Style="padding: 0px;" />
+                    </div>
+                    <div class="col">
+                        <RadzenNumeric Name="RefreshTokenExpirationTimeInSeconds" Class="w-100" @bind-Value=@updateAdvancedClient.RefreshTokenExpirationTimeInSeconds></RadzenNumeric>
+                    </div>
+                </div>
                 <!-- Cookie expiration time -->
                 <div class="row mt-1">
                     <div class="col-md-2">
@@ -221,6 +231,7 @@
         public string? TokenSignedResponseAlg { get; set; } = null;
         public string? IdTokenSignedResponseAlg { get; set; } = null;
         public string? AuthorizationSignedResponseAlg { get; set; } = null;
+        public double RefreshTokenExpirationTimeInSeconds { get; set; } = 60 * 30;
         public string? AuthorizationDataTypes { get; set; } = null;
         public bool IsDPoPRequired { get; set; } = false;
         public bool IsDPoPNonceRequired { get; set; } = false;
@@ -281,6 +292,11 @@
             updateAdvancedClient.TokenExpirationTimeInSeconds = Client.TokenExpirationTimeInSeconds.Value;
         }
 
+        if(Client.RefreshTokenExpirationTimeInSeconds != null)
+        {
+            updateAdvancedClient.RefreshTokenExpirationTimeInSeconds = Client.RefreshTokenExpirationTimeInSeconds.Value;
+        }
+
         if (Client.UserCookieExpirationTimeInSeconds != null)
         {
             updateAdvancedClient.UserCookieExpirationTimeInSeconds = Client.UserCookieExpirationTimeInSeconds.Value;
@@ -311,6 +327,7 @@
             IsDPoPNonceRequired = client.IsDPoPNonceRequired,
             IsDPoPRequired = client.IsDPoPRequired,
             TokenExpirationTimeInSeconds = client.TokenExpirationTimeInSeconds,
+            RefreshTokenExpirationTimeInSeconds = client.RefreshTokenExpirationTimeInSeconds,
             UserCookieExpirationTimeInSeconds = client.UserCookieExpirationTimeInSeconds,
             AuthorizationCodeExpirationInSeconds = client.AuthorizationCodeExpirationInSeconds,
             DeviceCodeExpirationInSeconds = client.DeviceCodeExpirationInSeconds,

src/IdServer/SimpleIdServer.IdServer.Website/Resources/Global.Designer.cs

@@ -2205,4 +2205,10 @@ The <b>authorization_signed_response_alg</b> will be set to <b&gt
   <data name="PasswordIsTemporary" xml:space="preserve">
     <value>The password is temporary</value>
   </data>
+  <data name="RefreshTokenExpirationTime" xml:space="preserve">
+    <value>Refresh token expiration time</value>
+  </data>
+  <data name="RefreshTokenExpirationTimeTooltip" xml:space="preserve">
+    <value>Set the refresh token duration in seconds; by default, the value is 30 minutes</value>
+  </data>
 </root>

src/IdServer/SimpleIdServer.IdServer.Website/Resources/Global.resx

@@ -3,6 +3,7 @@
 using Fluxor;
 using Microsoft.Extensions.Options;
 using Microsoft.IdentityModel.Tokens;
+using Org.BouncyCastle.Bcpg.OpenPgp;
 using SimpleIdServer.DPoP;
 using SimpleIdServer.IdServer.Api.Clients;
 using SimpleIdServer.IdServer.Api.Token.Handlers;
@@ -693,6 +694,7 @@ public async Task Handle(UpdateAdvancedClientSettingsAction act, IDispatcher dis
             DPOPNonceLifetimeInSeconds = act.DPOPNonceLifetimeInSeconds,
             IsDPOPNonceRequired = act.IsDPoPNonceRequired,
             TokenExpirationTimeInSeconds = act.TokenExpirationTimeInSeconds,
+            RefreshTokenExpirationTimeInSeconds = act.RefreshTokenExpirationTimeInSeconds,
             UserCookieExpirationTimeInSeconds = act.UserCookieExpirationTimeInSeconds,
             AuthorizationCodeExpirationInSeconds = act.AuthorizationCodeExpirationInSeconds,
             DeviceCodeExpirationInSeconds = act.DeviceCodeExpirationInSeconds,
@@ -731,7 +733,8 @@ public async Task Handle(UpdateAdvancedClientSettingsAction act, IDispatcher dis
                 PARExpirationTimeInSeconds = act.PARExpirationTimeInSeconds,
                 DpopLifetimeSeconds = act.DpopLifetimeSeconds,
                 MaxBindingMessageSize = act.MaxBindingMessageSize,
-                MaxRequestParameterLifetimeSeconds = act.MaxRequestParameterLifetimeSeconds
+                MaxRequestParameterLifetimeSeconds = act.MaxRequestParameterLifetimeSeconds,
+                RefreshTokenExpirationTimeInSeconds = act.RefreshTokenExpirationTimeInSeconds
             });
         }
         catch
@@ -1336,6 +1339,10 @@ public class UpdateAdvancedClientSettingsAction
     public bool IsDPoPNonceRequired { get; set; } = false;
     public double DPOPNonceLifetimeInSeconds { get; set; }
     public double TokenExpirationTimeInSeconds { get; set; }
+    public double RefreshTokenExpirationTimeInSeconds
+    {
+        get; set;
+    }
     public double UserCookieExpirationTimeInSeconds { get; set; }
     public int AuthorizationCodeExpirationInSeconds { get; set; }
     public int DeviceCodeExpirationInSeconds { get; set; }
@@ -1365,6 +1372,7 @@ public class UpdateAdvancedClientSettingsSuccessAction
     public int MaxRequestParameterLifetimeSeconds { get; set; }
     public int MaxBindingMessageSize { get; set; }
     public int DpopLifetimeSeconds { get; set; }
+    public double RefreshTokenExpirationTimeInSeconds { get; set; }
 }
 
 public class UpdateAdvancedClientSettingsFailureAction

src/IdServer/SimpleIdServer.IdServer.Website/Stores/ClientStore/ClientEffects.cs

@@ -397,6 +397,7 @@ public static ClientState ReduceUpdateAdvancedClientSettingsSuccessAction(Client
             client.MaxRequestParameterLifetimeSeconds = act.MaxRequestParameterLifetimeSeconds;
             client.MaxBindingMessageSize = act.MaxBindingMessageSize;
             client.DpopLifetimeSeconds = act.DpopLifetimeSeconds;
+            client.RefreshTokenExpirationTimeInSeconds = act.RefreshTokenExpirationTimeInSeconds;
             return state with
             {
                 Client = client

src/IdServer/SimpleIdServer.IdServer.Website/Stores/ClientStore/ClientReducers.cs

@@ -313,6 +313,7 @@ void Update(Client existingClient, UpdateAdvancedClientSettingsRequest request)
             existingClient.DPOPNonceLifetimeInSeconds = request.DPOPNonceLifetimeInSeconds;
             existingClient.IsDPOPNonceRequired = request.IsDPOPNonceRequired;
             existingClient.TokenExpirationTimeInSeconds = request.TokenExpirationTimeInSeconds;
+            existingClient.RefreshTokenExpirationTimeInSeconds = request.RefreshTokenExpirationTimeInSeconds;
             existingClient.UserCookieExpirationTimeInSeconds = request.UserCookieExpirationTimeInSeconds;
             existingClient.AuthorizationCodeExpirationInSeconds = request.AuthorizationCodeExpirationInSeconds;
             existingClient.DeviceCodeExpirationInSeconds = request.DeviceCodeExpirationInSeconds;

src/IdServer/SimpleIdServer.IdServer/Api/Clients/ClientsController.cs

@@ -52,4 +52,9 @@ public int DpopLifetimeSeconds
     {
         get; set;
     }
+    [JsonPropertyName(OAuthClientParameters.RefreshTokenExpirationTimeInSeconds)]
+    public double RefreshTokenExpirationTimeInSeconds
+    {
+        get; set;
+    }
 }