
Identity server 4 handling Expired or revoked refresh tokens

I am working with an Identity server 4 system. We are using the exact code from the MvcHybridAutomaticRefresh sample.

The issue is with this code here: AutomaticTokenManagementCookieEvents.cs#L73

    var response = await _service.RefreshTokenAsync(refreshToken.Value);
    if (response.IsError)
    {
        _logger.LogWarning("Error refreshing token: {error}", response.Error);
        return;
    }

Currently, if a refresh token was revoked by the admins, or the refresh token has expired (we do not have sliding refresh tokens enabled), then the application will crash. I would expect it to reroute the user to the login screen.

Am I missing something in this sample, that it can't handle that?

I have also posted this as a question on the issue forum #3599

Current attempt

is to add the following where it detects the error:

await context.HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);

which I had hoped would log the user out. This just hangs and never goes anywhere. It's not even logging you out of the server.

Current Solution

The only thing I can find currently that remotely works is to add a catch in the API call. This is not ideal, as in our actual application we have a lot of API calls; this would mean making a lot of changes to our application. Isn't there a way to force a login directly from the middleware itself?

[Authorize]
    public async Task<IActionResult> CallApi()
    {
        try
        {
            var token = await HttpContext.GetTokenAsync("access_token");

            var client = _httpClientFactory.CreateClient();
            client.SetBearerToken(token);

            var response = await client.GetStringAsync(Constants.SampleApi + "identity");
            ViewBag.Json = JArray.Parse(response).ToString();

            return View();
        }
        catch (Exception)
        {
            return new SignOutResult(new[] { "Cookies", "oidc" });
        }
    }

You can add just one row to force the middleware to perform the challenge again:

if (response.IsError)
{
    _logger.LogWarning("Error refreshing token: {error}", response.Error);
    context.RejectPrincipal();
    return;
}
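A fuller version of the same idea, as an added example that is not code from the sample or from either poster: a CookieAuthenticationEvents subclass that refreshes the access token during cookie validation and, when the token endpoint rejects the refresh token (the OAuth 2.0 invalid_grant error covers revoked and expired refresh tokens), rejects the principal and clears the cookie so the next [Authorize] request is challenged by the OIDC handler instead of failing inside an API call. It assumes IdentityModel.Client is referenced; the endpoint address and client credentials are placeholders.

```csharp
using System;
using System.Globalization;
using System.Net.Http;
using System.Threading.Tasks;
using IdentityModel.Client;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.Extensions.Logging;

// Hypothetical event handler (register with AddCookie(o => o.EventsType = typeof(RefreshingCookieEvents))).
public class RefreshingCookieEvents : CookieAuthenticationEvents
{
    // Placeholders: in a real app these come from configuration, never from source.
    private const string TokenEndpoint = "https://<identityserver-host>/connect/token";
    private const string ClientId = "<client-id>";
    private const string ClientSecret = "<client-secret>";

    private readonly IHttpClientFactory _httpClientFactory;
    private readonly ILogger<RefreshingCookieEvents> _logger;

    public RefreshingCookieEvents(IHttpClientFactory httpClientFactory, ILogger<RefreshingCookieEvents> logger)
    {
        _httpClientFactory = httpClientFactory;
        _logger = logger;
    }

    public override async Task ValidatePrincipal(CookieValidatePrincipalContext context)
    {
        var props = context.Properties;
        var refreshToken = props.GetTokenValue("refresh_token");
        var expiresAt = props.GetTokenValue("expires_at");
        if (refreshToken == null || expiresAt == null) return; // cookie carries no tokens, nothing to do

        // Only refresh when the access token expires within the next minute.
        var expiry = DateTimeOffset.Parse(expiresAt, CultureInfo.InvariantCulture);
        if (expiry > DateTimeOffset.UtcNow.AddMinutes(1)) return;

        var response = await _httpClientFactory.CreateClient().RequestRefreshTokenAsync(new RefreshTokenRequest
        {
            Address = TokenEndpoint, ClientId = ClientId, ClientSecret = ClientSecret, RefreshToken = refreshToken
        });

        if (response.IsError)
        {
            // Revoked or expired refresh token: drop the session so [Authorize] triggers a fresh OIDC challenge.
            _logger.LogWarning("Refresh failed ({error}); rejecting principal", response.Error);
            context.RejectPrincipal();
            await context.HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
            return;
        }

        // Refresh succeeded: store the new tokens and ask the cookie handler to reissue the cookie.
        props.UpdateTokenValue("access_token", response.AccessToken);
        if (response.RefreshToken != null) props.UpdateTokenValue("refresh_token", response.RefreshToken);
        props.UpdateTokenValue("expires_at", DateTimeOffset.UtcNow.AddSeconds(response.ExpiresIn).ToString("o", CultureInfo.InvariantCulture));
        context.ShouldRenew = true;
    }
}
```

Because the rejection happens in the cookie middleware, every [Authorize] action gets the redirect-to-login behaviour without a try/catch around each API call.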
