
What is a refresh token, and can we control refreshing the ID and access tokens in AADB2C?

My team is working on implementing, or rather configuring, B2C login for our client's mobile app. We got the configuration set up to a point where the user can log in to the app once and the token gets cached in MSAL. From the next time onwards, the user is able to log in directly without entering his/her credentials. We are following the pattern as described here.

Our code first tries to retrieve the token using AcquireTokenSilent, and if the token is not present in the MSAL cache, then we retrieve it using AcquireTokenInteractive.

I was trying to understand how the ID and access tokens are refreshed and found this on the MS docs here about tokens, which says:

Refresh tokens are used to acquire new ID tokens and access tokens in an OAuth 2.0 flow. They provide your application with long-term access to resources on behalf of users without requiring interaction with those users...

This also mentioned that when we redeem the refresh token to get new ID and access tokens, we also get a new refresh token that replaces the previous refresh token.

Now I tried logging out and logging back into my mobile app after 1 hour or more, and I was still able to log in. When I inspected the claims, the ID and access token expiry had been refreshed to 1 hour after the new login.

My questions here are:

  1. Since ID tokens and access tokens have a default expiry of 1 hour, how is it that even though I was logged out for more than an hour, my token was refreshed and I was able to log in without entering user credentials?
  2. If this is because the refresh token automatically refreshes the ID and access tokens when they approach their expiry, then does this process go on until the refresh token itself expires?
  3. The MS docs also mentioned that when the ID and access tokens are regenerated after their expiry, we also get a new refresh token. If this is the case, then the refresh token would never expire, since the new token will always have a new expiry.
  4. Is there a way to control the refresh token so that we can control when to refresh the ID and access tokens?

I am sorry if I missed anything, but I am a little confused about how the refresh token works and whether there is a way to control when to refresh the tokens and when not to.

Thanks in advance.

Yes, the refresh token is used to get a new ID token and access token. Even if the ID token and access token have expired, as long as the refresh token has not expired, it can be used to get a new ID token and access token; meanwhile, a new refresh token will be generated. If you want to configure the token lifetime, you can do that in the portal.

Reference - https://docs.microsoft.com/en-us/azure/active-directory-b2c/configure-tokens?pivots=b2c-user-flow
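As an added illustration (not part of the original answer, and not MSAL or B2C code), the following Python model plays out questions 2 and 3 above: redeeming the refresh token renews the access/ID tokens and replaces the refresh token each time, but the refresh-token lifetime and the sliding-window setting on the referenced configuration page bound how long that chain can continue before an interactive sign-in is needed again. The lifetimes used (1 hour, 14 days, a 90-day bounded window) are assumed values chosen for the simulation.

```python
"""Constructed model of B2C token lifetimes; time is in hours since first sign-in."""
from dataclasses import dataclass
from typing import Optional

ACCESS_LIFETIME_H = 1.0        # assumed access/ID token lifetime (60 minutes)
REFRESH_LIFETIME_H = 14 * 24   # assumed refresh token lifetime (14 days)
SLIDING_WINDOW_H = 90 * 24     # assumed bounded sliding-window lifetime (90 days)


@dataclass
class Tokens:
    access_exp: float
    refresh_exp: float
    absolute_exp: Optional[float]   # None models the "No expiry" sliding window


class InteractionRequired(Exception):
    """Counterpart of MSAL's UI-required error: the user must sign in again."""


def sign_in(now: float, bounded: bool = True) -> Tokens:
    """Interactive sign-in; a bounded window is fixed from this moment on."""
    return Tokens(access_exp=now + ACCESS_LIFETIME_H,
                  refresh_exp=now + REFRESH_LIFETIME_H,
                  absolute_exp=now + SLIDING_WINDOW_H if bounded else None)


def redeem_refresh_token(tokens: Tokens, now: float) -> Tokens:
    """New access/ID tokens AND a new refresh token, which never outlives the window."""
    if now >= tokens.refresh_exp:
        raise InteractionRequired("refresh token expired: not used within its lifetime")
    if tokens.absolute_exp is not None and now >= tokens.absolute_exp:
        raise InteractionRequired("sliding window exhausted: re-authentication needed")
    new_refresh_exp = now + REFRESH_LIFETIME_H
    if tokens.absolute_exp is not None:
        new_refresh_exp = min(new_refresh_exp, tokens.absolute_exp)
    return Tokens(now + ACCESS_LIFETIME_H, new_refresh_exp, tokens.absolute_exp)


def acquire_token(tokens: Tokens, now: float) -> tuple:
    """AcquireTokenSilent-style decision: serve from cache, or silently refresh."""
    if now < tokens.access_exp:
        return "cached", tokens
    return "refreshed", redeem_refresh_token(tokens, now)   # may raise InteractionRequired


def simulate_daily_use(days: int, bounded: bool) -> str:
    """Open the app once a day after signing in at hour 0; report the last outcome."""
    tokens, outcome = sign_in(0.0, bounded), "cached"
    for day in range(1, days + 1):
        try:
            outcome, tokens = acquire_token(tokens, day * 24.0)
        except InteractionRequired:
            return "interactive"
    return outcome
```

With a bounded window the daily refresh chain still ends at day 90 with an interactive sign-in, whereas with "No expiry" it continues indefinitely, which is the answer to question 3.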
