IdentityServer Refresh AccessToken

Thank you for your time. I configured the AccessTokenLifetime in ids4 to be 65 seconds, and the expiration time in the user.Claims acquired by the API when I accessed the API on the front end was assumed to be 8:20:00. I thought that no matter how I accessed the access token before 8:20:00, the expiration time was always 8:20:00. I won't refresh the token until 65 seconds later, that is, this expiration time. But in the actual process, I found that I started to refresh the token when I visited it after 5 seconds. Interestingly, when I set AccessTokenLifetime to 75 seconds, I will refresh the token after 15 seconds.

I found this sentence in the official discussion. He said that ids4 will refresh the token 60 seconds in advance. I wonder if I misunderstood it. Shouldn't the client do the work of refreshing the token? Why is it in ids4? If so, he said that this time can be set. How to set it?

This is my client configuration in ids4. The following is the code for my client configuration.

    services.AddAuthentication(options =>
        {
            options.DefaultScheme = "cookie";
            options.DefaultChallengeScheme = "oidc";
            options.DefaultSignOutScheme = "oidc";
        })
        .AddCookie("cookie", options =>
        {
            options.Cookie.Name = "__Host-bff";
            options.Cookie.SameSite = SameSiteMode.Strict;
        })
        .AddOpenIdConnect("oidc", options =>
        {
            options.RequireHttpsMetadata = false;
            //options.Authority = "https://localhost:5001";
            options.Authority = "http://localhost:5002";
            options.ClientId = "interactive.confidential";
            options.ClientSecret = "secret";
            options.ResponseType = OpenIdConnectResponseType.Code;
            options.ResponseMode = OpenIdConnectResponseMode.Query;
            options.GetClaimsFromUserInfoEndpoint = true;
            options.MapInboundClaims = false;
            options.SaveTokens = true;
            options.Scope.Clear();
            options.Scope.Add("openid");
            options.Scope.Add("profile");
            options.Scope.Add("api");
            options.Scope.Add(StandardScopes.OfflineAccess);
            options.TokenValidationParameters = new()
            {
                NameClaimType = "name",
                RoleClaimType = "role"
            };
        });

It is always the role of the client application to trigger and do the refresh cycle, not IdentityServer. IdentityServer doesn't care about this. I think they refer to the automatic token management library that they provide, which manages refresh tokens for you.

Out of the box, ASP.NET does not care about refresh tokens.
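The early-refresh behaviour discussed above, as an added example that is not part of the original question or answer and is not the token management library's own code: a client-side store refreshes once the current time reaches the expiry minus a configurable window, so a 60-second window with a 65-second lifetime triggers a refresh 5 seconds after issuance. All type, member and parameter names are hypothetical, and the token values are constructed.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
// Hypothetical client-side token holder; illustrative names, not a library API.
public sealed record TokenSet(string AccessToken, string RefreshToken, DateTimeOffset ExpiresAt);

public sealed class RefreshingTokenStore
{
    private readonly Func<string, Task<TokenSet>> _redeem; // would call the token endpoint
    private readonly Func<DateTimeOffset> _now;            // injectable clock
    private readonly TimeSpan _window;                     // early-refresh window, set on the client
    private readonly SemaphoreSlim _gate = new(1, 1);
    private TokenSet _current;
    public RefreshingTokenStore(TokenSet initial, TimeSpan window,
        Func<string, Task<TokenSet>> redeem, Func<DateTimeOffset> now)
        => (_current, _window, _redeem, _now) = (initial, window, redeem, now);

    // Refresh is due once "now" reaches (expiry - window), not at expiry itself.
    public bool NeedsRefresh() => _now() >= _current.ExpiresAt - _window;

    public async Task<string> GetAccessTokenAsync()
    {
        if (!NeedsRefresh()) return _current.AccessToken;
        await _gate.WaitAsync(); // one refresh at a time; refresh tokens may be one-time use
        try
        {
            // Re-check: a concurrent request may have refreshed while we waited.
            if (NeedsRefresh()) _current = await _redeem(_current.RefreshToken);
            return _current.AccessToken;
        }
        finally { _gate.Release(); }
    }
}

public static class Demo
{
    public static async Task Main()
    {
        var start = DateTimeOffset.UtcNow; var clock = start; var n = 0;
        var lifetime = TimeSpan.FromSeconds(65); // the AccessTokenLifetime from the question
        var store = new RefreshingTokenStore(
            new TokenSet("at-0", "rt-0", start + lifetime), TimeSpan.FromSeconds(60),
            rt => Task.FromResult(new TokenSet($"at-{++n}", $"rt-{n}", clock + lifetime)),
            () => clock); // constructed tokens; a real client would POST to the token endpoint
        foreach (var t in new[] { 4, 5, 9, 10 }) // seconds since the first token was issued
        {
            clock = start.AddSeconds(t);
            Console.WriteLine($"t={t}s -> {await store.GetAccessTokenAsync()}");
        }
    }
}
```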
