Azure AD B2C OpenID Connect Refresh token


Problem description

I followed this example https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-devquickstarts-web-dotnet-susi from the Azure AD B2C documentation page on the Microsoft site. Got it working fine but the problem is that the access token has a one hour lifetime and after that hour the user needs to re-login. I don't want to extend the access_token lifetime but would like to refresh the token before the access_token is expired. How can I achieve this?

The source code can be found here: https://github.com/Azure-Samples/active-directory-b2c-dotnet-webapp-and-webapi

Recommended answer

From the article you linked, I understand that you are trying to add sign in to your app. If signing in is your only goal, then you would not require to use the access_token. The code related to acquiring an access token is not necessary until you want to call an API/service using the access token. For the purpose of sign in the id_token should be sufficient.

Having said that, the id_token also has the one hour lifetime. To extend the session, you have a couple of options:

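  1. The simple option is to decouple your application's session lifetime from the token lifetime. You can do this by passing UseTokenLifetime = false to the OpenIdConnectAuthenticationOptions in the middleware.
  2. You can tie your session lifetime to the Azure AD session lifetime. This would involve adding logic to renew your application's session by issuing a sign-in request to Azure AD from a hidden iframe.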
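
The first option above, sketched as an added example (not part of the original answer or of the Microsoft sample): an OWIN startup class that sets UseTokenLifetime = false and bounds the session with the cookie middleware instead. The tenant, policy, client ID, redirect URI and the 8-hour window are placeholder assumptions.

```csharp
using System;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    // Placeholder values (assumptions): replace with your own B2C tenant, policy and app registration.
    private const string MetadataAddress =
        "https://login.microsoftonline.com/<tenant>.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=<policy>";
    private const string ClientId = "<application-client-id>";
    private const string RedirectUri = "https://localhost:44316/";

    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        // With UseTokenLifetime = false the cookie middleware alone decides how long
        // the application session lasts, so give it an explicit upper bound.
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            ExpireTimeSpan = TimeSpan.FromHours(8),   // assumed session length
            SlidingExpiration = true,                 // renew the cookie while the user is active
            CookieSecure = CookieSecureOption.Always, // send the session cookie over HTTPS only
            CookieHttpOnly = true                     // keep the cookie away from page scripts
        });

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            MetadataAddress = MetadataAddress,
            ClientId = ClientId,
            RedirectUri = RedirectUri,
            PostLogoutRedirectUri = RedirectUri,
            Scope = "openid",

            // Default is true: the cookie would expire together with the one-hour id_token.
            // false decouples the application session from the token lifetime.
            UseTokenLifetime = false
        });
    }
}
```

Once the session is decoupled, a change made in Azure AD (account disabled, password reset) is not seen by the app until the cookie expires or the user signs in again, so keep ExpireTimeSpan as short as the application can tolerate.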
