在ASP.NET Core MVC中过期之前刷新ID令牌 [英] Refresh id token before it expires in aspnet core mvc
问题描述
我正在研究一个aspnet核心MVC项目,该项目调用由OAuth2.0保护的API.
I am working on a aspnet core MVC project which calls an API which is secured by OAuth2.0.
我能够使用以下代码访问API并正确获得响应,
I was able to access the API and get the response properly with the code below,
Startup.cs
public void ConfigureServices(IServiceCollection services)
{
services.Configure<CookiePolicyOptions>(options =>
{
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(options =>
{
options.Authority = Configuration["AzureAD:Instance"] +
"/" + Configuration["AzureAD:TenantId"];
options.ClientId = Configuration["AzureAD:ClientId"];
options.Secret = Configuration["AzureAD:Secret"];
options.Callback = Configuration["AzureAD:Callback"];
options.ResponseType = "code id_token";
options.SaveTokens = true;
});
services.AddMvc(options =>
{
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
options.Filters.Add(new AuthorizeFilter(policy));
})
.SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
...
app.UseCookiePolicy();
app.UseAuthentication();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "sign-in",
template: "signin-oidc")};
...
});
}
Controller.cs
我正在从HttpContext获取令牌.
I am getting the token from the HttpContext.
但是令牌会在几个小时后过期.有没有一种方法可以在过期之前刷新ID令牌. 我在堆栈溢出中尝试了一些示例.但是没有一个对我有用.
But the token expires after few hours. Is there a way to refresh the id token before it expires. I tried few examples in stack overflow. But none worked for me.
是否有一种方法可以在不使用下面示例中使用的IdentityModel的情况下使其正常工作? https://github.com/mderriey/aspnet-core-token-renewal/blob/master/src/MvcClient/Startup.cs
Is there a way to get this to work without using the IdentityModel used in example below? https://github.com/mderriey/aspnet-core-token-renewal/blob/master/src/MvcClient/Startup.cs
推荐答案
您不需要刷新id令牌. ID令牌包含有关最终用户的信息,一旦您的客户端应用从OpenID提供程序获取ID令牌,它将验证该令牌,对该令牌进行解码并使用Cookie身份验证登录用户.用户信息被序列化并存储在应用程序cookie中,该cookie将在浏览器的每个下一个请求中发送,以保留用户的基本配置文件信息和身份验证状态.
You don't need to refresh id token . Id token contains information about an End-User , once your client app get id token from OpenID provider , it will validate the token , decode the token and sign in user using cookie authentication . The user information is serialized and stored in application cookie which will send on each next request from browser to keep user's basic profile information and authentication status .
默认情况下,创建的cookie具有基于会话的生存期-即,直到关闭浏览器/选项卡.因此,id令牌将在第一次使用,然后cookie身份验证接管.
By default ,the cookie is created with a session-based lifetime - that is, until the browser/tab is closed . So id token will be used at the first time and then cookie authentication take over .
通常,我们考虑的是如何刷新访问令牌.访问令牌允许访问某些已定义的服务器资源,我们可以使用刷新令牌在过期后更新访问令牌.
Usually what we consider is how to refresh the access token . Access token allows access to certain defined server resources , we can use refresh token to renew access token after it expires .
您提供的文章显示了如何刷新访问令牌,并将ASP.NET会话cookie的生存期与OIDC访问令牌对齐(控制cookie的生存期).这与您的情况无关.
The article your provides is showing how to refresh access token , and aligns the lifetime of the ASP.NET session cookie with OIDC access token(control the cookie's lifetime ). That is not much related to your scenario .
这篇关于在ASP.NET Core MVC中过期之前刷新ID令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!