public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" }); var auth = new AuthenticationServices(); var validationResult = auth.GlobalLogin(context.UserName, context.Password, "Web"); if (validationResult.Success) { var oAuthIdentity = new ClaimsIdentity(context.Options.AuthenticationType); context.Validated(oAuthIdentity); var user = new UserServices().GetUser(context.UserName); oAuthIdentity.AddClaim(new Claim("user_id", user.Id.ToString())); //set different time spans here if (user.Membership == "Service Account") { context.Options.AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(60); } context.Validated(oAuthIdentity); } else { context.SetError("invalid_grant", validationResult.ErrorMessage); } return(Task.FromResult <object>(null)); }