[英]Identity server 4 handling Expired or revoked refresh tokens
I am working with an Identity server 4 system. 我正在使用身份服务器4系统。 We are using the exact code from the MvcHybridAutomaticRefresh sample
我们正在使用MvcHybridAutomaticRefresh示例中的确切代码
The issue is with this code here. 问题出在这里的这段代码。 AutomaticTokenManagementCookieEvents.cs#L73
AutomaticTokenManagementCookieEvents.cs#L73
var response = await _service.RefreshTokenAsync(refreshToken.Value);
if (response.IsError)
{
_logger.LogWarning("Error refreshing token: {error}", response.Error);
return;
}
Currently if a refesh token was revoked by the admins, or the refresh token has expired ( we do not have sliding refresh tokens enabled) Then the application will crash. 当前,如果管理员撤消了刷新令牌,或者刷新令牌已过期(我们未启用滑动刷新令牌),则应用程序将崩溃。 I would expect it to reroute the user to the login screen.
我希望它会将用户重新路由到登录屏幕。
I am i missing something in this sample that it cant handle that? 我在此示例中缺少一些无法解决的问题?
I have also posted this as a question on the issue forum #3599 我也已将其作为问题发布在问题论坛#3599上
is to add The following rather where it detects the error 是在检测错误的位置添加以下内容
await context.HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
which i had hoped would log the user out. 我希望该用户可以注销。 This just hangs and never goes anywhere.
这只是挂,永远不会去任何地方。 Its not even logging you out of the server.
它甚至没有使您退出服务器。
The only thing i can find currently that remotely works is to add a catch in the api call. 目前,我能找到的唯一可以远程工作的方法是在api调用中添加一个catch。 This is not ideal as in our actual application we have a lot of api calls this would mean making a lot of changes to our application.
这并不理想,因为在我们的实际应用程序中,我们有很多api调用,这意味着需要对我们的应用程序进行大量更改。 Isnt there a way to force a login directly from the middle wear itself?
是否有一种方法可以直接从中间穿戴本身强制登录?
[Authorize]
public async Task<IActionResult> CallApi()
{
try
{
var token = await HttpContext.GetTokenAsync("access_token");
var client = _httpClientFactory.CreateClient();
client.SetBearerToken(token);
var response = await client.GetStringAsync(Constants.SampleApi + "identity");
ViewBag.Json = JArray.Parse(response).ToString();
return View();
}
catch (Exception)
{
return new SignOutResult(new[] { "Cookies", "oidc" });
}
}
You can add just one row to force the middleware to perform the challenge again: 您可以仅添加一行以强制中间件再次执行挑战:
if (response.IsError)
{
_logger.LogWarning("Error refreshing token: {error}", response.Error);
context.RejectPrincipal();
return;
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.