OAuth2:“auth_time”声明是否与刷新令牌到期相关?
[英]OAuth2: Is the `auth_time` claim tied to the refresh token expiration?
问题描述
If I know that my auth provider sets refresh tokens to expire after twelve hours, and I have authenticated and my auth_time claim shows as 9AM today, can I safely assume that at 9PM tonight my refresh token will expire?
如果我知道我的身份验证提供者将刷新令牌设置为在十二小时后过期,并且我已经通过身份验证并且我的auth_time声明显示为今天上午 9 点,我可以安全地假设我的刷新令牌将在今晚晚上 9 点过期吗? Or are auth_time and refresh token issuance/expiration independent of one another?或者auth_time和 refresh 令牌发行/到期是否相互独立?
1 个解决方案
解决方案1
2 已采纳 2020-08-05 19:07:11
It depends on the auth provider, but in some providers you can set difference expire times on the different tokens (id/access/refresh).这取决于身份验证提供程序,但在某些提供程序中,您可以在不同的令牌(id/access/refresh)上设置不同的过期时间。 Also some supports absolute or sliding expiration times.还有一些支持绝对或滑动到期时间。
Sample expire config options for IdentityServer can be found here for inspiration.可以在此处找到 IdentityServer 的示例过期配置选项以获得灵感。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.