如何使用iFrame(使用Identity Server 4,Angular 2+)在隐式流中手动进行静默刷新 [英] How to do Silent Refresh manually in implicit flow using iFrame (using Identity Server 4, Angular 2+)
问题描述
我正在尝试使用具有隐式流程的iFrame进行无提示刷新.我不想使用 automaticSilentRenew ,因为它效率不高.我在客户端的Angular 8中使用 oidc-client 库.因此,发生了两件事:
I am trying to do silent refresh using iFrame with Implicit Flow. I do not want to use automaticSilentRenew as it is not efficient. I am using oidc-client library in Angular 8 on the client side. So, there are two things which are happening :
1.)我正在使用auth-guard来保护重要组件.在auth-guard中,我正在检查令牌是否有效,如果不是,那么我在调用auth-service类的 signinRedirect 来获取新令牌.
1.) I am using auth-guard to secure the important components. In auth-guard i am checking if the token is valid, in case it's not then i am calling signinRedirect of the auth-service class to fetch the new token.
2.)我没有使用auth-guard保护安全的API调用组件,因此我可能会收到无效令牌的 401未经授权错误.但是,如果我使用auth-guard对其进行保护,则在获得新的令牌集和&之后,它会将我路由到auth-callback.原始请求丢失.
2.) I am not guarding the secure API calling component with auth-guard so that i could get the 401 unauthorized error for in-valid token. But if i guard it with auth-guard, it routes me to the auth-callback after getting the new set of tokens & the original request is lost.
我不知何故想要自动化此过程.就像用auth-guard保护API调用组件,当我尝试用过期的令牌访问API时,auth-guard开始起作用,在幕后使用有效令牌更新当前请求,以提供无缝的用户体验.
I somehow wants to automate this process. Like, guarding the API invoking component with auth-guard and when i try to hit the API with expired token, the auth-guard comes into play, updates the current request with the valid token behind the scenes so as to give a seamless user experience.
export class AuthService {
private manager = new UserManager(getClientSettings());
private user: User = null;
constructor() {
this.manager.getUser().then(user => {
this.user = user;
});
this.manager.events.addAccessTokenExpiring(async function(){
await this.manager.signinSilent().then(user => {
});
});
}}
我正在尝试在auth-service类的构造函数中捕获 addAccessTokenExpiring 事件,并调用 signinSilent 以获取新的access_token.该事件确实在令牌到期之前开始,但是我在该事件内部未定义 this.manager .
I am trying to catch addAccessTokenExpiring event in the constructor of my auth-service class and calling signinSilent to get the new access_token. The event does kick off prior to token expiration but i am getting this.manager undefined inside this event.
请分享您的宝贵意见以实现这一目标.任何现有的例子都将是高度赞赏的.
Please share your valuable inputs to attain this. Any existing example would be highly appreciable.
谢谢!
Tarun Ohri
Tarun Ohri
推荐答案
我的偏好是采用类似的方法,但不依赖客户端令牌到期,方法是允许401出现,然后刷新令牌并重试具有新令牌的API请求.
My preference is to follow a similar approach but to not rely on the client side token expiry, by allowing a 401 to occur and then refreshing the token and retrying the API request with a new token.
如果有帮助,这里有两个关键类:
If it helps, here are the 2 key classes:
- API Client
- Open Id Connect Client
这篇关于如何使用iFrame(使用Identity Server 4,Angular 2+)在隐式流中手动进行静默刷新的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
