OWIN OAuth 2.0-承载令牌永不过期 [英] OWIN OAuth 2.0 - Bearer Token Never Expire
问题描述
我正在使用以下OAuth提供程序和选项:
I'm using the following OAuth provider and options:
UserManagerFactory = () => new UserManager<IdentityUser>(new UserStore<IdentityUser>(new ApplicationDbContext()));
OAuthOptions = new OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/Token"),
Provider = new ApplicationOAuthProvider(PublicClientId, UserManagerFactory),
AuthorizeEndpointPath = new PathString("/api/AccountOwin/ExternalLogin"),
AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(2),
AllowInsecureHttp = true
};
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// Enable the application to use bearer tokens to authenticate users
app.UseOAuthBearerTokens(OAuthOptions);
Oauth Provider类来自以下链接: https://github.com/gustavo-armenta/BearerTokenAuthenticationSample /blob/master/BearerTokenAuthenticationSample/Providers/ApplicationOAuthProvider.cs
The Oauth Provider class comes from the below link: https://github.com/gustavo-armenta/BearerTokenAuthenticationSample/blob/master/BearerTokenAuthenticationSample/Providers/ApplicationOAuthProvider.cs
我想实现Refresh令牌提供程序,因此我将到期时间设置为2分钟.但是我注意到,即使在2分钟之后,WEB API也会降低对资源的访问权限.
I want to implement Refresh token provider and because of this I set the expiration time to 2 minutes. But I noticed that the WEB API alows the acces to the resources even after 2 minutes.
提前谢谢!
推荐答案
我遇到了这个问题,因为我忘记了正确配置WebAPI.将以下代码添加到我的WebApiConfig Register()方法中即可解决该问题.
I had this problem because I'd forgotten to configure WebAPI correctly. Adding the following code into my WebApiConfig Register() method solved it.
// Web API configuration and services
// Configure Web API to use only bearer token authentication.
config.SuppressDefaultHostAuthentication();
config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));
我在
这篇关于OWIN OAuth 2.0-承载令牌永不过期的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!