使用ADFS OAuth刷新令牌 [英] Using ADFS OAuth Refresh Token
问题描述
我已将ADFS3 OAuth2配置为返回刷新令牌:
I have ADFS3 OAuth2 configured to return Refresh Tokens:
PS> Set-AdfsRelyingPartyTrust -TargetName "RPT Name" -IssueOAuthRefreshTokensTo AllDevices
PS> Set-AdfsRelyingPartyTrust -TargetName "RPT Name" -TokenLifetime 10
PS> Set-AdfsProperties -SSOLifetime 480
此处访问令牌持续10分钟,刷新令牌持续480分钟分钟。
Here the Access Token lasts for 10 minutes and the Refresh Token lasts for 480 minutes.
然后我通过获取生成访问令牌:
I then generate an Access Token by GETing:
https://myadfsdomain/adfs/oauth/authorize
?response_type=code
&client_id=MYCLIENTID
&redirect_uri=https://myserver/callback
&resource=MYRelyingPartyId
并发布 responseCode
例如:
$http({method: "post",
headers: {'Content-Type': 'application/x-www-form-urlencoded'},
url: "https://myadfsdomain/adfs/oauth2/token",
data: "client_id=MYCLIENTID&code=" + responseCode + "&redirect_uri=https://myserver/callback&grant_type=authorization_code" })
响应具有访问权限令牌,类型,过期时间和刷新令牌:
The response has the Access Token, type, Expire Time and Refresh Token:
{"access_token":"blah...",
"token_type":"bearer",
"expires_in":600,
"refresh_token":"blahblah..."}
太好了。现在,访问令牌的有效期为多长时间(此处为10分钟)
Great. The Access Token is now valid for however long it has been configured for (10 minutes here)
问题是,一旦该时间到期,我们如何使用 refresh_token
来获取另一个访问令牌? IE:
Questions is, once that time has expired, how do we use the refresh_token
to get another Access Token? IE:
- URL是什么?
- 我们要发布吗?
- 我们使用什么参数名称来发布
refresh_token
?
- What is the URL?
- Do we POST?
- What param names do we use to POST the
refresh_token
?
推荐答案
刷新令牌授予类型也针对您用来交换授权码的令牌端点执行。您应该根据RFC使用POST: https://tools.ietf.org/html/ rfc6749#section-6 并至少提供参数 grant_type
和 refresh_token
。一个示例,基于RFC中的示例:
The refresh token grant type is also executed against the token endpoint that you used to exchange the Authorization Code at. You should use POST according to the RFC: https://tools.ietf.org/html/rfc6749#section-6 and provide at least the parameters grant_type
and refresh_token
. An example, based on the one from the RFC:
POST /adfs/oauth2/token HTTP/1.1
Host: myadfsdomain
Content-Type: application/x-www-form-urlencoded
grant_type=refresh_token&refresh_token=<blahblah...>
这篇关于使用ADFS OAuth刷新令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!