我设法获得了一个简单的示例代码,可以创建一个承载令牌,并通过在stackoverflow上阅读其他论坛来刷新令牌请求新的代码。
启动类看起来像这样
public class Startup
{
public static void Configuration(IAppBuilder app)
{
app.UseOAuthBearerAuthentication(
new OAuthBearerAuthenticationOptions());
app.UseOAuthAuthorizationServer(
new OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/Token"),
Provider = new OAuthAuthorizationServerProvider()
{
OnValidateClientAuthentication = async c =>
{
c.Validated();
},
OnGrantResourceOwnerCredentials = async c =>
{
if (c.UserName == "alice" && c.Password == "supersecret")
{
Claim claim1 = new Claim(ClaimTypes.Name, c.UserName);
Claim[] claims = new Claim[] { claim1 };
ClaimsIdentity claimsIdentity =
new ClaimsIdentity(
claims, OAuthDefaults.AuthenticationType);
c.Validated(claimsIdentity);
}
}
},
AccessTokenExpireTimeSpan = TimeSpan.FromSeconds(40),
AllowInsecureHttp = true,
RefreshTokenProvider = new ApplicationRefreshTokenProvider()
});
}
}
我还有一个刷新令牌类,如下所示:
public class ApplicationRefreshTokenProvider : AuthenticationTokenProvider
{
public override void Create(AuthenticationTokenCreateContext context)
{
// Expiration time in seconds
int expire = 2 * 60;
context.Ticket.Properties.ExpiresUtc = new DateTimeOffset(DateTime.Now.AddSeconds(expire));
context.SetToken(context.SerializeTicket());
}
public override void Receive(AuthenticationTokenReceiveContext context)
{
context.DeserializeTicket(context.Token);
}
}
我理解的方式是,通过提供刷新令牌,您应该获得一个新的访问令牌。但是,此代码中发生的情况是,当我提供刷新令牌时,会创建并返回新的刷新令牌。我希望它在首次提供用户名/密码时创建访问和刷新令牌,但创建新的刷新似乎不正确每次使用刷新令牌发出新的访问令牌请求时,令牌?
例如,根据我的代码,我在访问令牌上有20分钟的时间,在刷新令牌上有两周时间,新的访问令牌< / strong>可以每20分钟创建一次,这很好,但是新的刷新令牌也会每20分钟创建一次,但是过去2周。然后会创建很多刷新令牌但不会使用。
问题:
我几个小时前才开始阅读/了解这个,所以我很不确定但是这是正确的行为还是我应该以某种方式编写我的代码,只创建并返回一个新的提供刷新令牌但未创建并返回新的刷新令牌的访问令牌?任何帮助或输入都非常感谢,谢谢!
答案 0 :(得分:1)
由于还没有人回答,我将提供我所做的和正在寻找的东西。因此,我现在要接受这个答案。
public class Startup
{
public static void Configuration(IAppBuilder app)
{
app.UseOAuthBearerAuthentication(
new OAuthBearerAuthenticationOptions());
app.UseOAuthAuthorizationServer(
new OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/Token"),
Provider = new OAuthAuthorizationServerProvider()
{
OnValidateClientAuthentication = async c =>
{
c.Validated();
},
OnGrantResourceOwnerCredentials = async c =>
{
//Add a string with the current date
string dateNow = DateTime.UtcNow.ToString();
if (c.UserName == "alice" && c.Password == "supersecret")
{
Claim claim1 = new Claim(ClaimTypes.Name, c.UserName);
Claim[] claims = new Claim[] { claim1 };
ClaimsIdentity claimsIdentity =
new ClaimsIdentity(
claims, OAuthDefaults.AuthenticationType);
//Add a claim with the creationdate of the token
claimsIdentity.AddClaim(new Claim("creationDate", dateNow));
c.Validated(claimsIdentity);
}
}
},
AccessTokenExpireTimeSpan = TimeSpan.FromSeconds(40),
AllowInsecureHttp = true,
RefreshTokenProvider = new ApplicationRefreshTokenProvider()
});
}
}
在ApplicationRefreshTokenProvider中,我做了改变
public class ApplicationRefreshTokenProvider : AuthenticationTokenProvider
{
public override void Create(AuthenticationTokenCreateContext context)
{
//Get the claim which holds creation date
DateTime creationDate = Convert.ToDateTime(clientid.Claims.Where(c => c.Type == "creationDate").Single().Value);
//Create a variable holding current time minus 30 seconds(This is how long time you can create new refresh tokens by providing your original refresh token)
DateTime now = DateTime.UtcNow.AddSeconds(-30);
//If the time has passed more than 30 seconds from the time you got your original access and refresh token by providing credentials
//you may not create and return new refresh tokens(Obviously the 30 seconds could be changed to something less or more aswell)
if(now < ceationDate)
{
// Expiration time in seconds
int expire = 2 * 60;
context.Ticket.Properties.ExpiresUtc = new DateTimeOffset(DateTime.Now.AddSeconds(expire));
context.SetToken(context.SerializeTicket());
}
}
public override void Receive(AuthenticationTokenReceiveContext context)
{
context.DeserializeTicket(context.Token);
}
}