访问令牌过期时使用刷新令牌
[英]Use Refresh Token When Access Token is Expired
问题描述
I'm using OAuth in .Net-Core 2.1 to Login to Coinbase, I've configured my authenticaton like so: 
我在.Net-Core 2.1中使用OAuth登录到Coinbase,我已经按照如下方式配置了我的身份验证:
services.AddAuthentication(COOKIE_AUTH)
.AddCookie(options => options.ExpireTimeSpan = TimeSpan.FromMinutes(60))
.AddCoinbase(options => {
options.SendLimitAmount = 1;
options.SendLimitCurrency = "USD";
options.SendLimitPeriod = SendLimitPeriod.day;
options.ClientId = Configuration["Coinbase:ClientId"];
options.ClientSecret = Configuration["Coinbase:ClientSecret"];
COINBASE_SCOPES.ForEach(scope => options.Scope.Add(scope));
options.SaveTokens = true;
options.ClaimActions.MapJsonKey("urn:coinbase:avatar", "avatar_url");
});
Using Postman I see that I'm getting an access token and a refresh token. 使用邮递员,我看到我正在获取访问令牌和刷新令牌。 My token expires within two hours and never refreshes. 我的令牌会在两个小时内过期,并且永不刷新。
I know I can manually refresh the token, but I would expected this to be build into .net some where 我知道我可以手动刷新令牌,但是我希望可以将其内置到.net中
Is there a way to refresh my token built into .net? 有没有办法刷新内置在.net中的令牌?
1 个解决方案
解决方案1
1 2018-11-08 04:45:20
This doesn't make sense since the client is responsible for sending a valid token in order to expect the request to be authorized. 这没有任何意义,因为客户端负责发送有效令牌以期望请求得到授权。 When clients typically send tokens , they typically do so in a header. 当客户端通常发送令牌时,它们通常在标头中发送令牌。 That header only contains a single access token, not a refresh token. 该标头仅包含一个访问令牌,而不包含刷新令牌。 Instead the refresh token is persisted at the client and used to get an access token that IS valid. 取而代之的是,刷新令牌在客户端保留,并用于获取有效的访问令牌。 Then it can make a different request and expect a different outcome. 然后,它可以提出不同的请求并期望得到不同的结果。 The flow is important. 流量很重要。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.