如何在客户端获得refresh_token到期日期?

时间:2016-01-06 23:02:17

标签: oauth identity

您好我正在使用OAuth身份服务来管理我的应用程序的安全机制。我能够生成访问权限并刷新令牌。我的回复如下:

public override async Task CreateAsync(AuthenticationTokenCreateContext context)
    {
        var clientid = context.Ticket.Properties.Dictionary["as:client_id"];
        if (string.IsNullOrEmpty(clientid))
        {
            return;
        }
        var existingRefreshTokenId = context.OwinContext.Get<string>("as:existingRefreshTokenId");
        if (existingRefreshTokenId == null)
        {
            var refreshTokenId = Guid.NewGuid().ToString();
            var refreshTokenProperties = new AuthenticationProperties(context.Ticket.Properties.Dictionary)
            {
                IssuedUtc = context.Ticket.Properties.IssuedUtc,
                ExpiresUtc = DateTime.UtcNow.AddHours(10)

            };
            var refreshTokenTicket = new AuthenticationTicket(context.Ticket.Identity, refreshTokenProperties);
            _refreshTokens.TryAdd(refreshTokenId, refreshTokenTicket);
            context.SetToken(refreshTokenId);
            var refreshtokeninfo = new RefreshTokenInfo()
            {
                Secret = "secret",
                ClientId = clientid,
                RefreshToken = refreshTokenId,
                RefreshTokenLifeTime = Convert.ToInt32(ConfigurationManager.AppSettings["RefreshTokenLifeTime"]),
                IssuedUtc = refreshTokenProperties.IssuedUtc,
                ExpiresUtc = refreshTokenProperties.ExpiresUtc,
                UserName = refreshTokenTicket.Identity.GetUserName(),
                ProtectedTicket = context.SerializeTicket()
            };
            var result = await ApplicationUserManager.AddRefreshToken(refreshtokeninfo);
            if (result)
            {
                context.Ticket.Identity.AddClaim(new Claim("refreshtokenexpires_in", Convert.ToString(refreshTokenProperties.ExpiresUtc)));
                context.SetToken(refreshTokenId);
            }
        }
    }

我能够获得访问令牌到期时间,但我没有获得刷新令牌到期时间。我想在客户端使用刷新令牌到期时间。请告诉我怎么能这样做。我试图添加声明&#34; refreshtokenexpires_in&#34;在身份证中,但我在最终回复中没有看到它。我将它添加到pplicationRefreshTokenProvider中的CreateAsync方法中。我的方法如下:

// Create the swap chain, Direct3D device, and Direct3D device context.
result = D3D11CreateDeviceAndSwapChain(NULL, D3D_DRIVER_TYPE_HARDWARE, NULL, 0, &featureLevel, 1, 
                       D3D11_SDK_VERSION, &swapChainDesc, &m_swapChain, &m_device, NULL, &m_deviceContext);
if(FAILED(result))
{
    return false;
}

1 个答案:

答案 0 :(得分:0)

我找不到任何可以使用OAuth类/属性存储的解决方案,并将刷新令牌时间跨度传递给客户端。所以我找到了另一种方法,我将refreshTokenExpirationDuration存储在表中,然后将其连接到我的refreshtokenId并将其传递给client.Something,如下所示:

//Get the refresh token duration from the Table
        var refreshTokenExpirationDuration = TimeSpan.FromHours(tenant.RefreshTokenTimeSpan);
        if (!string.IsNullOrEmpty(ClientId))
        {
            var existingRefreshTokenId = context.OwinContext.Get<string>(_existingRefreshTokenId);
            if (existingRefreshTokenId == null)
            {
                //Create new refreshtokenId if doesn't exist
                var refreshTokenId = Guid.NewGuid().ToString();
                //Add properties to the refresh token
                var refreshTokenProperties = new AuthenticationProperties(context.Ticket.Properties.Dictionary)
                {
                    IssuedUtc = context.Ticket.Properties.IssuedUtc,
                    ExpiresUtc = DateTime.UtcNow.AddHours(tenant.RefreshTokenTimeSpan)

                };
                var refreshTokenTicket = new AuthenticationTicket(context.Ticket.Identity,refreshTokenProperties);
                //Concatenate the refresh token duration from table to the refresh token id.
                context.SetToken(String.Format("{0};{1}", refreshTokenId,refreshTokenExpirationDuration.TotalSeconds));
            }
        }

只是分享,以防任何人都有用。

相关问题
最新问题