I got a JS client using the library oidc-client-ts in the front end and a .Net API protected with JWT issued by an external Duende Identity Server installation.
The user gets signed in and can make requests to the API. Now I'm trying to implement the "remember me" functionality, and I would like the user to be signed in a few days if they haven't signed out.
I'm using refresh tokens and if the user have the browser window opened everything works as expected. But since the cookie idsrv.session which holding the identity session is a session cookie, the user will need to login again if the user has closed the browser window. The .Net Cookie .AspNetCore.Identity.Application have the max age I want, but that seems not to be enough.
Anyone know how to make the login session persistent?
I found out that
services.Configure<SecurityStampValidatorOptions>(o => o.ValidationInterval = TimeSpan.FromDays(30));did the trick.