How to make Owin automatically use refresh token when access token expires

I have an Owin client connected to IdentityServer 4, and am wondering how to get owin to request a new access_token using the refresh token. I can successfully get owin to swap the code given for an access_token, id_token and refresh_token with the following configuration:

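using System;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // Local cookie that carries the signed-in session.
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = "Cookie"
        });

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            Authority = "http://localhost:5000",
            ClientId = "mywebsite",
            ClientSecret = "secret",
            RedirectUri = "https://localhost:5001/",
            // Authorization code flow; the code is redeemed at the token endpoint.
            ResponseType = "code",
            RedeemCode = true,
            // Development only: permits the plain-HTTP authority above.
            RequireHttpsMetadata = false,
            SaveTokens = true,
            UseTokenLifetime = true,
            SignInAsAuthenticationType = "Cookie",
            // offline_access asks the server to issue a refresh token.
            Scope = "openid profile email offline_access",

            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                // Runs after the id_token has been validated.
                SecurityTokenValidated = n =>
                {
                    Console.WriteLine(n);
                    return System.Threading.Tasks.Task.FromResult(0);
                },
                // Runs after the token endpoint has answered the code redemption.
                TokenResponseReceived = n =>
                {
                    Console.WriteLine(n);
                    return System.Threading.Tasks.Task.FromResult(0);
                }
            }
        });
    }
}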

Firstly, where do I save these tokens to? I can access them all in the SecurityTokenValidated callback - should they go into the claims? Database? Memory?

Secondly, I have on my IdentityServer client configuration the access_token lifespan set to 60s, identity_token set to 3600s, and refresh to 30 days (please note the access_token is only this short for testing purposes). So how can I configure Owin to recognize that the access_token has expired and that it needs to go back to IdentityServer with the refresh_token and get a new one? Answers with example code snippets would be appreciated as my knowledge on all this is very small.

Relevant Info: IS4 v3; .NET Framework v4.6; Client is set in IS to allow offline access

Take a look at this article:

Other than that, there is no logic in the AddOpenIdConnect(..) handler to deal with renewal of refresh tokens. I think it's up to your application to refresh them. Refreshing them in code is not that hard if you have saved the refresh token somewhere safe.

See this question: How to use 'refresh_token' in IdentityServer 4?
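
The refresh step that the answer above leaves to the application, as an added example (not code from the question, the answer, OWIN or IdentityServer): it checks whether the saved access token is about to expire and redeems the refresh token with the standard OAuth 2.0 refresh_token grant. TokenSet, TokenRefresher, the 30-second skew and the Json.NET dependency are assumptions; for the question's authority the token endpoint would be http://localhost:5000/connect/token.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Threading.Tasks;
using Newtonsoft.Json.Linq; // assumption: Json.NET is referenced by the project

// Hypothetical types for illustration; not part of OWIN or IdentityServer.
public sealed class TokenSet
{
    public string AccessToken { get; set; }
    public string RefreshToken { get; set; }
    public DateTimeOffset ExpiresAt { get; set; }
}

public static class TokenRefresher
{
    private static readonly HttpClient Http = new HttpClient();
    private static readonly TimeSpan Skew = TimeSpan.FromSeconds(30);

    // True when the access token is expired or will expire within the skew window.
    public static bool NeedsRefresh(TokenSet t, DateTimeOffset now) { return t.ExpiresAt - Skew <= now; }

    // Redeems the refresh token at the token endpoint (RFC 6749, section 6).
    public static async Task<TokenSet> RefreshAsync(
        string tokenEndpoint, string clientId, string clientSecret, TokenSet current)
    {
        var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            { "grant_type", "refresh_token" },
            { "refresh_token", current.RefreshToken },
            { "client_id", clientId },
            { "client_secret", clientSecret }
        });
        using (var response = await Http.PostAsync(tokenEndpoint, form).ConfigureAwait(false))
        {
            // A 400 invalid_grant means the refresh token is expired, revoked or reused: sign in again.
            if (!response.IsSuccessStatusCode)
                throw new InvalidOperationException("Token refresh failed: HTTP " + (int)response.StatusCode);
            var json = JObject.Parse(await response.Content.ReadAsStringAsync().ConfigureAwait(false));
            return new TokenSet
            {
                AccessToken = (string)json["access_token"],
                // Keep the old refresh token if the server did not rotate it.
                RefreshToken = (string)json["refresh_token"] ?? current.RefreshToken,
                ExpiresAt = DateTimeOffset.UtcNow.AddSeconds((int?)json["expires_in"] ?? 0)
            };
        }
    }
}
```

Call NeedsRefresh before each outgoing API request and write the returned TokenSet back to wherever the original tokens are kept, since a rotated refresh token replaces the old one. Keep token values out of logs and error messages.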
