如何刷新访问令牌 [英] How to refresh access token

问题描述

我有一个Asp.net 2.0 核心Web应用程序，该应用程序连接到Identity Server 4应用程序进行身份验证。还涉及一个API。该API将访问令牌用作承载令牌。

I have an Asp.net 2.0 core web application which connects to an Identity server 4 application for authentication. There is also an API involved. The API consumes an access token as a bearer token.

我的创业公司：

services.AddAuthentication(options =>
            {
                options.DefaultScheme = "Cookies";
                options.DefaultChallengeScheme = "oidc";
            })
            .AddCookie("Cookies")
            .AddOpenIdConnect("oidc", options =>
            {
                options.SignInScheme = "Cookies";
                options.Authority = idsEndPoint;
                options.RequireHttpsMetadata = false;
                options.ClientId = "testclient";
                options.ClientSecret = "secret";
                options.ResponseType = "code id_token";
                options.SaveTokens = true;
                options.GetClaimsFromUserInfoEndpoint = true;
                options.Scope.Add("testapi");
            });

控制器：

在我的控制器中可以看到我的令牌，并且它们都已填充，并且我可以在API调用中使用访问令牌。

In my controllers i can see my tokens and they are all populated and i can use the access token in my API calls.

var accessToken = await HttpContext.GetTokenAsync(OpenIdConnectParameterNames.AccessToken);
var refreshToken = await HttpContext.GetTokenAsync(IdentityConstants.HttpContextHeaders.RefreshToken);
var idToken = await HttpContext.GetTokenAsync(OpenIdConnectParameterNames.IdToken);

问题：

我的问题在访问令牌过期的一小时后发生。看来它没有自动刷新。我想知道这是否是我的身份验证中的设置，它将导致刷新它。但是，我一直无法找出在过期后如何强制它刷新访问令牌的方法。

My problem occurs after one hour where the access token expires. It appears that it is not automatically being refreshed. I am wondering if this is a setting in my authentication that will cause it to refresh it. However I have been unable to find out how I am supposed to force it to refresh the access token after it has expired.

我当前的解决方案是自己刷新它，但是我会认为这将内置在Cookie中间件中。

My current solution is to refresh it myself but I would have thought this would be built into the cookie middleware.

推荐答案

这种方法使用OpenIddict，您需要在startup.cs内实现主要配置。下一个链接是此实现的一个很好的例子。希望是有用的


https://github.com/openiddict/openiddict-samples/tree/dev/samples/RefreshFlow

     if (request.IsPasswordGrantType())
        {

            if (!Email_Regex_Validation.Check_Valid_Email_Regex(request.Username))
            {
                return BadRequest(Resources.RegexEmail);
            }

            SpLoginUser stored = new SpLoginUser(_context);

            string result = stored.Usp_Login_User(request.Username, request.Password);

            if (!result.Contains("successfully"))
            {
                return Forbid(OpenIddictServerDefaults.AuthenticationScheme);
            }

            // Create a new ClaimsIdentity holding the user identity.
            var identity = new ClaimsIdentity(
                OpenIddictServerDefaults.AuthenticationScheme,
                OpenIdConnectConstants.Claims.Name,
                OpenIdConnectConstants.Claims.Role);


            identity.AddClaim(Resources.issuer, Resources.secret,
                OpenIdConnectConstants.Destinations.IdentityToken);
            identity.AddClaim(OpenIdConnectConstants.Claims.Name, request.Username,
                OpenIdConnectConstants.Destinations.IdentityToken);


            var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), new AuthenticationProperties(), OpenIdConnectServerDefaults.AuthenticationScheme);
            ticket.SetScopes(OpenIdConnectConstants.Scopes.OfflineAccess);

            // Ask OpenIddict to generate a new token and return an OAuth2 token response.
            return SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme);

        }

这篇关于如何刷新访问令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！