刷新令牌不会使 AzureAD 过期
[英]Refresh Token not Expiring AzureAD
问题描述
The server should invalidate the refresh token that has already been used for generating new access token and refresh tokens, however the refresh token can be used multiple times for generating new tokens, without being invalidated, even though the server provides a new refresh token each time the request is triggered.
服务器应该使已经用于生成新访问令牌和刷新令牌的刷新令牌失效,但是刷新令牌可以多次用于生成新令牌,而不会被失效,即使服务器每次都提供新的刷新令牌请求被触发。 I'm using AzureAD for my application.我正在为我的应用程序使用 AzureAD。
I know there is a way to expire refresh tokens that have already been used using Refresh Token Rotation Implementation but is it implementable in AzureAD.我知道有一种方法可以使已经使用刷新令牌轮换实现的刷新令牌过期,但它可以在 AzureAD 中实现吗?
1 个解决方案
解决方案1
0 2023-01-10 13:45:25
I'm pretty sure that it is working as they have designed it.我很确定它正在按照他们设计的那样工作。 The purpose is that you can take the new refresh token and replace the one you have in your cache.目的是您可以获取新的刷新令牌并替换缓存中的刷新令牌。 If you are running a distributed application, it is a good thing that the current refresh token doesn't immediately stop working since it allows the other instances to keep working while the token is refreshed in another.如果您正在运行分布式应用程序,那么当前刷新令牌不会立即停止工作是一件好事,因为它允许其他实例继续工作,而令牌在另一个实例中刷新。 As far as I am aware, there is no place to change this behaviour.据我所知,没有地方可以改变这种行为。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.