IdentityServer4 - Using Refresh Tokens after following the Quickstart for Hybrid MVC

Problem description

I've followed the Quickstart in the documentation page and have a working configuration of three services (IdentityServer, one Api service, one ASPNET MVC application) using IdentityServer for authentication.

Everything works perfectly (login, login, authorization, etc.) until after 1 hour when the access_token expires. At this point, the MVC application starts to receive (correctly) a 401 from the API service (since the token is expired). At that point, I know I should use the refresh_token to get a new access_token.

I was looking for a mechanism that automatically refreshed the access_token and stumbled upon this: https://github.com/mderriey/TokenRenewal/blob/master/src/MvcClient/Startup.cs (from this answer). I tried to use that but it didn't work (the TokenEndpointResponse was null even though the authentication was successful).

I understand how to use a refresh_token to get a new access_token, but after I have it, how would I go about inserting it back into the cookie so that future requests have access to the new tokens?

Recommended answer

The MvcHybrid sample has a good example for getting the new access_token and refresh_token back into the principal. Here's a link to the GitHub file with the code, which is located in RenewTokens() as shown below.

    // Namespaces used: IdentityModel.Client, Microsoft.AspNetCore.Authentication,
    // Microsoft.IdentityModel.Protocols.OpenIdConnect, System.Globalization.
    public async Task<IActionResult> RenewTokens()
    {
        // Locate the token endpoint through the discovery document.
        var disco = await DiscoveryClient.GetAsync(Constants.Authority);
        if (disco.IsError) throw new Exception(disco.Error);

        // Exchange the stored refresh_token for a new access_token / refresh_token pair.
        var tokenClient = new TokenClient(disco.TokenEndpoint, "mvc.hybrid", "secret");
        var rt = await HttpContext.Authentication.GetTokenAsync("refresh_token");
        var tokenResult = await tokenClient.RequestRefreshTokenAsync(rt);

        if (!tokenResult.IsError)
        {
            // The refresh response carries no id_token, so the existing one is kept.
            var old_id_token = await HttpContext.Authentication.GetTokenAsync("id_token");
            var new_access_token = tokenResult.AccessToken;
            var new_refresh_token = tokenResult.RefreshToken;

            var tokens = new List<AuthenticationToken>();
            tokens.Add(new AuthenticationToken { Name = OpenIdConnectParameterNames.IdToken, Value = old_id_token });
            tokens.Add(new AuthenticationToken { Name = OpenIdConnectParameterNames.AccessToken, Value = new_access_token });
            tokens.Add(new AuthenticationToken { Name = OpenIdConnectParameterNames.RefreshToken, Value = new_refresh_token });

            // Record the new expiry in round-trip ("o") format.
            var expiresAt = DateTime.UtcNow + TimeSpan.FromSeconds(tokenResult.ExpiresIn);
            tokens.Add(new AuthenticationToken { Name = "expires_at", Value = expiresAt.ToString("o", CultureInfo.InvariantCulture) });

            // Store the tokens in the authentication properties and re-issue the cookie.
            var info = await HttpContext.Authentication.GetAuthenticateInfoAsync("Cookies");
            info.Properties.StoreTokens(tokens);
            await HttpContext.Authentication.SignInAsync("Cookies", info.Principal, info.Properties);

            return Redirect("~/Home/Secure");
        }

        ViewData["Error"] = tokenResult.Error;
        return View("Error");
    }
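
A check that could run before each API call to decide whether RenewTokens() needs to be invoked, based on the "expires_at" value stored above. This is an added example, not part of the original answer or the IdentityServer4 samples; the TokenExpiry class, the NeedsRenewal method and the 60-second skew are assumptions.

```csharp
using System;
using System.Globalization;

// Added example: TokenExpiry, NeedsRenewal and the skew value are hypothetical names/values.
public static class TokenExpiry
{
    // expiresAt is the "expires_at" token value read from the cookie, written with
    // the round-trip ("o") format as in RenewTokens().
    // Returns true when the access token is expired or will expire within 'skew'.
    public static bool NeedsRenewal(string expiresAt, DateTime nowUtc, TimeSpan skew)
    {
        DateTime expiry;
        // Missing or unparsable value: renew rather than send a token of unknown age.
        if (string.IsNullOrEmpty(expiresAt) ||
            !DateTime.TryParseExact(expiresAt, "o", CultureInfo.InvariantCulture,
                                    DateTimeStyles.RoundtripKind, out expiry))
        {
            return true;
        }

        // Compare in UTC; the skew absorbs clock drift between client and API
        // and the time the outgoing request spends in flight.
        return nowUtc + skew >= expiry.ToUniversalTime();
    }

    public static void Main()
    {
        // Constructed sample values for illustration only.
        var now = new DateTime(2024, 1, 1, 12, 0, 0, DateTimeKind.Utc);
        var skew = TimeSpan.FromSeconds(60);

        string fresh = now.AddMinutes(30).ToString("o", CultureInfo.InvariantCulture);
        string nearlyExpired = now.AddSeconds(20).ToString("o", CultureInfo.InvariantCulture);
        string expired = now.AddMinutes(-5).ToString("o", CultureInfo.InvariantCulture);

        Console.WriteLine("fresh:          " + NeedsRenewal(fresh, now, skew));
        Console.WriteLine("nearly expired: " + NeedsRenewal(nearlyExpired, now, skew));
        Console.WriteLine("expired:        " + NeedsRenewal(expired, now, skew));
        Console.WriteLine("missing:        " + NeedsRenewal(null, now, skew));
        Console.WriteLine("garbled:        " + NeedsRenewal("not-a-date", now, skew));
    }
}
```

In the MVC client the expiresAt argument would come from GetTokenAsync("expires_at"), and a true result would trigger the renewal logic before the API request is sent.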
