如何延长从IdentityServer 3发出的JWT令牌的生命周期

时间:2017-02-03 14:42:30

标签: c# jwt identityserver3

我正在尝试设置IdentityServer 3 Web应用程序而不是硬件,这是一个与软件开发相关的问题。我正在尝试学习如何使用该技术并生成我的api可以使用的JWT令牌。问题是我不能为我的生活找到设置令牌到期的地方。大约一个小时后它总会产生401。理想情况下,出于测试目的,我希望将其延长很长时间,因此我不必将JWT令牌复制并粘贴到fiddler中,从而大大减慢了我的开发和学习过程。

我的客户 

new Client
            {
                ClientId = "scheduling"
                ,ClientSecrets = new List<Secret>
                {
                    new Secret("65A6A6C3-A764-41D9-9D10-FC09E0DBB046".Sha256())
                },
                ClientName = "Patient Scheduling",
                Flow = Flows.ResourceOwner,
                AllowedScopes = new List<string>
                {
                    Constants.StandardScopes.OpenId,
                    Constants.StandardScopes.Profile,
                    Constants.StandardScopes.OfflineAccess,
                    "read",
                    "adprofile",
                    "scheduling"
                },
                Enabled = true
            }

我的范围 

   new Scope
            {
                Name = "scheduling",
                Claims = new List<ScopeClaim>
                {
                     new ScopeClaim(Constants.ClaimTypes.Role,true),
                     new ScopeClaim("scheduling_id",true),
                     new ScopeClaim("expires_at",true)  //I have tried "expires_in" and [Constants.ClaimTypes.Expiration] also with no luck
                }
            }

用于客户特定声明的方法: 

  private IEnumerable<Claim> GetClaimByClientId(string client_id)
    {
        List<Claim> claims = new List<Claim>();
        switch(client_id.ToLower())
        {
            case "scheduling":
                claims = new List<Claim>();
                claims.Add(new Claim(ClaimTypes.Role,"administrator"));
                claims.Add(new Claim("scheduling_id", "2"));
                //claims.Add(new Claim("expires_in", "2082758400")); //01/01/2036
                //claims.Add(new Claim(Constants.ClaimTypes.Expiration, "2082758400")); //01/01/2036
                claims.Add(new Claim("expires_at", "2082758400")); //01/01/2036
                break;
            default:
                throw new Exception("Client not found with provided client id.");
        }


        return claims;
    }

代码实际验证凭据: 

            if (ActiveDirectoryHelper.ValidateCredentials(context.UserName, context.Password, adName))
            {

                List<Claim> lstClaims = new List<Claim>
                {
                    new Claim("obj_id",user.UserID.ToUpper()),
                    new Claim(Constants.ClaimTypes.Email, string.IsNullOrEmpty(user.Email) ? string.Empty : user.Email.ToLower()),
                    new Claim(Constants.ClaimTypes.GivenName,user.FirstName),
                    new Claim(Constants.ClaimTypes.FamilyName,user.LastName),
                    new Claim("EmployeeNumber",user.EmployeeNumber),


                };

                lstClaims.AddRange(GetClaimByClientId("scheduling"));


                context.AuthenticateResult = new AuthenticateResult(user.UserID,user.Username, lstClaims);
            }
            else
            {
                context.AuthenticateResult = new AuthenticateResult("Invalid Login.");
            }

1 个答案:

答案 0 :(得分:1)

可以使用Client属性AccessTokenLifetime为客户端应用程序设置访问令牌生存期(我假设这是JWT令牌的含义)。

默认设置为3600秒(1小时)。

相关问题
最新问题