[英]How to refresh access token
I have an Asp.net 2.0 core web application which connects to an Identity server 4 application for authentication.我有一个 Asp.net 2.0核心 Web 应用程序,它连接到 Identity server 4 应用程序以进行身份验证。 There is also an API involved.
还涉及一个API。 The API consumes an access token as a bearer token.
API 使用访问令牌作为不记名令牌。
My startup:我的启动:
services.AddAuthentication(options =>
{
options.DefaultScheme = "Cookies";
options.DefaultChallengeScheme = "oidc";
})
.AddCookie("Cookies")
.AddOpenIdConnect("oidc", options =>
{
options.SignInScheme = "Cookies";
options.Authority = idsEndPoint;
options.RequireHttpsMetadata = false;
options.ClientId = "testclient";
options.ClientSecret = "secret";
options.ResponseType = "code id_token";
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
options.Scope.Add("testapi");
});
Controller:控制器:
In my controllers i can see my tokens and they are all populated and i can use the access token in my API calls.在我的控制器中,我可以看到我的令牌并且它们都被填充,我可以在我的 API 调用中使用访问令牌。
var accessToken = await HttpContext.GetTokenAsync(OpenIdConnectParameterNames.AccessToken);
var refreshToken = await HttpContext.GetTokenAsync(IdentityConstants.HttpContextHeaders.RefreshToken);
var idToken = await HttpContext.GetTokenAsync(OpenIdConnectParameterNames.IdToken);
Question:问题:
My problem occurs after one hour where the access token expires.我的问题在访问令牌过期一小时后出现。 It appears that it is not automatically being refreshed.
似乎它不会自动刷新。 I am wondering if this is a setting in my authentication that will cause it to refresh it.
我想知道这是否是我的身份验证中的设置,会导致它刷新它。 However I have been unable to find out how I am supposed to force it to refresh the access token after it has expired.
但是,我一直无法找出应该如何强制它在访问令牌过期后刷新它。
My current solution is to refresh it myself but I would have thought this would be built into the cookie middleware.我目前的解决方案是自己刷新它,但我原以为这会内置到 cookie 中间件中。
for automatic refresh token, add options.Scope.Add("offline_access");
对于自动刷新令牌,添加
options.Scope.Add("offline_access");
to AddOpenIdConnect()
options.添加
AddOpenIdConnect()
选项。
This approach uses OpenIddict, you need to implement the main configuration inside startup.cs.这种方式使用OpenIddict,需要在startup.cs里面实现主配置。 The next Link is an excellent example of this implementation.
下一个链接是这种实现的一个很好的例子。 Hope be useful
希望有用
https://github.com/openiddict/openiddict-samples/tree/dev/samples/RefreshFlow https://github.com/openiddict/openiddict-samples/tree/dev/samples/RefreshFlow
if (request.IsPasswordGrantType())
{
if (!Email_Regex_Validation.Check_Valid_Email_Regex(request.Username))
{
return BadRequest(Resources.RegexEmail);
}
SpLoginUser stored = new SpLoginUser(_context);
string result = stored.Usp_Login_User(request.Username, request.Password);
if (!result.Contains("successfully"))
{
return Forbid(OpenIddictServerDefaults.AuthenticationScheme);
}
// Create a new ClaimsIdentity holding the user identity.
var identity = new ClaimsIdentity(
OpenIddictServerDefaults.AuthenticationScheme,
OpenIdConnectConstants.Claims.Name,
OpenIdConnectConstants.Claims.Role);
identity.AddClaim(Resources.issuer, Resources.secret,
OpenIdConnectConstants.Destinations.IdentityToken);
identity.AddClaim(OpenIdConnectConstants.Claims.Name, request.Username,
OpenIdConnectConstants.Destinations.IdentityToken);
var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), new AuthenticationProperties(), OpenIdConnectServerDefaults.AuthenticationScheme);
ticket.SetScopes(OpenIdConnectConstants.Scopes.OfflineAccess);
// Ask OpenIddict to generate a new token and return an OAuth2 token response.
return SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme);
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.