我使用Active Directory访问我们的应用程序(我已经创建了一个应用并在AD中注册了它),但是无法从令牌响应中获取刷新令牌。
在Startup.cs中我定义了Open Id Connect选项:
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
SlidingExpiration = true
});
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = ApiConstants.AAD_WebClientId,
Authority = Authority,
TokenValidationParameters = new TokenValidationParameters { SaveSigninToken = true, },
Notifications = new OpenIdConnectAuthenticationNotifications()
{
RedirectToIdentityProvider = context =>
{
if (context.ProtocolMessage.RequestType == OpenIdConnectRequestType.AuthenticationRequest)
{
// ensure https before redirecting to Azure
if (!context.Request.IsSecure)
{
context.Response.Redirect(
$"https://{context.Request.Uri.Authority}{context.Request.Uri.AbsolutePath}");
context.HandleResponse();
return Task.FromResult(0);
}
}
return Task.FromResult(0);
},
// If there is a code in the OpenID Connect response,
// redeem it for an access token and refresh token, and store those away.
AuthorizationCodeReceived = OnAuthorizationCodeReceived,
AuthenticationFailed = OnAuthenticationFailed
}
});
我的OnAuthorizationCodeReceived方法是:
private async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedNotification context)
{
var code = context.Code;
ClientCredential credential = new ClientCredential(ApiConstants.AAD_WebClientId, ApiConstants.AAD_CertWeb);
AuthenticationContext authContext = new AuthenticationContext(Authority);
// If you create the redirectUri this way, it will contain a trailing slash.
// Make sure you've registered the same exact Uri in the Azure Portal (including the slash).
var builder = new UriBuilder(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path));
builder.Scheme = "https";
if (builder.Uri.IsDefaultPort)
{
builder.Port = -1;
}
//n.AuthenticationTicket.Properties.RedirectUri = builder.ToString();
// this doesn't return a refresh token???
AuthenticationResult result =
await
authContext.AcquireTokenByAuthorizationCodeAsync(code, builder.Uri, credential,
ApiConstants.AAD_Audience);
}
问题是,返回的令牌没有刷新令牌,也没有滑动所以我们每小时都会被注销。我可以在Active Directory或我的应用程序中执行任何操作来打开/接收刷新令牌吗?
或者我是否收到刷新令牌,但AuthenticationResult
班并未将此属性公开给我?
答案 0 :(得分:0)
在调查同一问题时偶然发现了这一点。
如果您使用像Fiddler这样的工具监控网络流量,您会看到确实返回了refresh_token,它只是没有公开。
以下链接提供了更多信息。