[英]How do I post to Facebook user's friend's wall with publish_stream but NOT offline_access using an application access token
[英]Refresh Token is empty and AllowOfflineAccess is true and scope I have offline_access
刷新令牌始终为空,这是我的代码:
new Client
{
ClientId = "mvc",
ClientName = "MVC Client",
RequireConsent = false,
AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
AllowAccessTokensViaBrowser = true,
ClientSecrets = {new Secret("secret".Sha256())},
RedirectUris = { "http://localhost:7002/Account/callback" }, //{ "http://localhost:7002/signin-oidc" }, //
PostLogoutRedirectUris = { "http://localhost:7002/signout-callback-oidc" },
AllowedScopes = new List<string>
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.OfflineAccess,
"api1"
},
AllowOfflineAccess = true,
AlwaysIncludeUserClaimsInIdToken = true
}
这是我的MVCClient
services.AddAuthentication(options =>
{
options.DefaultScheme = "Cookies";
options.DefaultChallengeScheme = "oidc";
})
.AddCookie("Cookies")
.AddOpenIdConnect("oidc", options =>
{
options.SignInScheme = "Cookies";
options.Authority = "http://localhost:7000";
options.RequireHttpsMetadata = false;
options.ClientId = "mvc";
options.ClientSecret = "secret";
options.ResponseType = "code id_token token";
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
options.Scope.Add("api1");
options.Scope.Add("offline_access");
});
我通过创建授权URL登录,这是我创建它的方式:
var host = _context.HttpContext.Request.Host.Host;
var discoveryClient = new DiscoveryClient(Configuration["auth:oidc:authority"]);
var disco = await discoveryClient.GetAsync();
var request = new RequestUrl(disco.AuthorizeEndpoint);
authorizeUrl = request.CreateAuthorizeUrl(
clientId: "mvc",
responseType: "code id_token token",
responseMode: OidcConstants.ResponseModes.FormPost,
scope: "openid profile api1 offline_access",
redirectUri: "http://localhost:7002/Account/callback", //"http://localhost:7002/signin-oidc", //
state: CryptoRandom.CreateUniqueId(),
nonce: CryptoRandom.CreateUniqueId(),
acrValues: host);
return Redirect(authorizeUrl);
我被重定向到登录页面,执行登录,一旦登录,然后返回到CallBack()(在HomeController中),我得到了除空的refresh_token之外的所有内容:
public async Task<IActionResult> Callback()
{
var code = Request.Form["code"];
var tokenType = Request.Form["token_type"];
var idToken = Request.Form["id_token"];
var scope = Request.Form["scope"];
var state = Request.Form["state"];
var session_state = Request.Form["session_state"];
var error = Request.Form["error"];
var expiresAt = Request.Form["expires_in"];
var accessToken = Request.Form["access_token"];
var refreshToken = Request.Form["refresh_token"];
}
回顾一下:refresh_token为空{},不为null。 为了以其他方式对其进行测试,我向about方法添加了[authorize],如果仅通过单击单击登录,则确实具有refresh_token。
我想念什么吗?
您只能通过令牌端点调用来获取刷新令牌。 您需要使用在回调中返回的code
来调用/connect/token
。
另外,由于您是手动执行请求和回调,因此调用AddOpenIdConnect
可能毫无意义。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.