public string CreateToken(string username)
{
var claims = new ClaimsIdentity();
claims.AddClaim(new Claim(ClaimTypes.NameIdentifier, username));
var tokennDescription = new SecurityTokenDescriptor()
{
Subject = claims,
Expires = DateTime.UtcNow.AddSeconds(60),
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(this.secret), SecurityAlgorithms.HmacSha256Signature)
};
var tokenHandler = new JwtSecurityTokenHandler();
var createdToken = tokenHandler.CreateToken(tokennDescription);
return tokenHandler.WriteToken(createdToken);
}
I read that using utc hour causes conflict, I added ClockSkew = TimeSpan.Zero and it worked but I read that in practice it is not good to use it, any practical solution?
I need the token to expire after 60 seconds, regardless of the time zone you are in and the time of your device.