无刷新令牌即刷新声明 [英] Refreshing claims without refreshing token
问题描述
我们使用IdentityServer3来验证我们的用户。我们在一个单独的Web应用程序上运行它到主应用程序API。存在索赔的层次结构 - 例如,站点,工厂和设备。用户可以对位于工厂的一件设备提出索赔,但不能对整个工厂或现场提出索赔。
We are using IdentityServer3 to authenticate our users. We run it on a separate web application to the main application API. There is a hierarchy of claims - for example, sites, factories and equipment. It is possible for a user to have a claim for a piece of equipment that is at a factory, but not have a claim for the entire factory, or the site.
通过背景作业处理版权声明的分发。
The distribution of claims is handled by means of a background job.
当用户创建网站,工厂或设备时,会为他们创建声明,这也可能分发给其他用户。
When a user creates a site, factory or equipment a claim is created for them, this may have also been distributed to other users.
当请求进入引擎API时,我们需要确保我们查看当前用户的最新版权声明。
When a request comes into the engine API we need to be sure we're looking at the most up to date set of claims for the current user.
有没有办法保证最近的声明每次都发送到API?
Is there any way to guarantee that the most recent claims are sent to the API each time?
推荐答案
如果你需要的数据经常更改,那么建议不要把它们作为声明在令牌或cookie。而只需将用户的唯一ID(子声明)放在令牌或cookie中,然后根据需要从数据库中查找其余。如果perf是一个问题,然后进行缓存。
If the data you need changes that frequently, then the advice is to not put them as claims in a token or in a cookie. Instead just put the user's unique id (sub claim) in the token or cookie, and then lookup the rest from the DB as needed. If perf is a problem, then do caching.
这篇关于无刷新令牌即刷新声明的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
