[英]Why dont i get a new refresh token when i refresh access token in Salesfroce?
When i first authenticate to Salesforce I get an access token and a refresh token.当我第一次向 Salesforce 进行身份验证时,我获得了一个访问令牌和一个刷新令牌。 But if the access token has expired i make a call using the refresh token to get a new access token, but in the response there is no new refresh token, is that correct, does the refresh token nver expire for Salesforce.
但是,如果访问令牌已过期,我使用刷新令牌进行调用以获取新的访问令牌,但在响应中没有新的刷新令牌,这是正确的,刷新令牌是否在 Salesforce 过期。
Here is the call i am making to get a new access token using the refresh call.这是我使用刷新调用获取新访问令牌的调用。
var client = new
RestClient("https://myOrg.salesforce.com/services/oauth2/token");
var request = new RestRequest("", Method.POST);
request.AddParameter("refresh_token", {currentRefreshToken},
ParameterType.GetOrPost);
request.AddParameter("grant_type", "refresh_token", ParameterType.GetOrPost);
request.AddParameter("client_id", {clientId}, ParameterType.GetOrPost);
request.AddParameter("client_secret", {clientsecret}, ParameterType.GetOrPost);
var response = client.Execute(request);
I would have expected a new Refresh token in the response?我会期望响应中有一个新的刷新令牌吗?
What does the documentation say?文档怎么说? An Authorization Server does not have to roll refresh tokens.
授权服务器不必滚动刷新令牌。 It also doesn't mean that the refresh token does not expire.
这也不意味着刷新令牌不会过期。 If the refresh token is a JWT you can decode it and check the expiration time.
如果刷新令牌是 JWT,您可以对其进行解码并检查过期时间。 Otherwise, you can use it for as long as you don't get a 401 response from the refresh endpoint.
否则,只要您没有从刷新端点收到 401 响应,就可以使用它。 Once you do, it means that you have to perform the authorization flow once more.
一旦这样做,就意味着您必须再次执行授权流程。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.