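Refresh token with JwtAuthProviderReader

Date: 2017-10-27 11:19:25

Tags: servicestack refresh-token

I'm wondering about the best practice for using a refresh-token together with JwtAuthProviderReader. The moment the jwt expires, I send a request to /access-token to get a new one.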

var jwt = authClient.Send(new GetAccessToken() { RefreshToken = Request.GetCookieValue("ss-refreshtok") }).AccessToken;
Response.SetCookie(new Cookie()
{
    Path = "/",
    Name = "ss-tok",
    Value = jwt
});

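My problem is that I get "Token has expired" even though I have already set the new jwt as a cookie. I have to refresh the page before it is valid...

Here is my authentication service: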

public class AuthenticationHandler : Service
{
    private readonly JsonServiceClient authClient;

    public AuthenticationHandler()
    {
        authClient = new JsonServiceClient("http://localhost/authentication/");
    }

    [Authenticate]
    public GetAuthenticationContextResponse Get(GetAuthenticationContext request)
    {
        var authSession = this.SessionAs<MyAbaxAuthSession>();
        return new GetAuthenticationContextResponse
        {
            CustomerId = authSession.CustomerId,
            UserId = int.Parse(authSession.UserAuthId)
        };
    }

    public UserAuthenticateResponse Post(UserAuthenticate request)
    {
        var response = authClient.Send(new Authenticate
        {
            provider = "credentials",
            UserName = request.UserName,
            Password = request.Password,
            UseTokenCookie = true
        });
        Response.SetCookie(new Cookie()
        {
            Path = "/",
            Name = "ss-tok",
            Value = response.BearerToken
        });

        Response.SetCookie(new Cookie()
        {
            Path = "/",
            Name = "ss-refreshtok",
            Value = response.RefreshToken
        });
        return new UserAuthenticateResponse();
    }
}

1 Answer:

Answer 0: (score: 1)

See the JWT docs for how to access the JWT RefreshToken, i.e. it's returned in the RefreshToken property after a successful authentication:

var response = client.Post(new Authenticate {
    provider = "credentials",
    UserName = userName,
    Password = password,
});

var jwtToken = response.BearerToken;
var refreshToken = response.RefreshToken;
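
The round trip discussed in the question and answer, as an added example (not code from the original post or from the ServiceStack project): sign in once, keep the refresh token, and when a protected call is rejected with 401, exchange the refresh token for a new JWT and retry with the new token on the same client rather than relying on a cookie set in the current response. The `TokenRefresher` class and its method names are hypothetical; the `HttpOnly` and `Secure` cookie flags assume the site is served over HTTPS.

```csharp
using System.Net;
using ServiceStack;

// Hypothetical helper for this example; not part of ServiceStack.
public class TokenRefresher
{
    private readonly JsonServiceClient authClient; // talks to the auth service
    private string refreshToken;

    public TokenRefresher(string authBaseUrl)
    {
        authClient = new JsonServiceClient(authBaseUrl);
    }

    // Sign in once; keep the refresh token and return the JWT.
    public string SignIn(string userName, string password)
    {
        var response = authClient.Post(new Authenticate {
            provider = "credentials",
            UserName = userName,
            Password = password,
        });
        refreshToken = response.RefreshToken;
        return response.BearerToken;
    }

    // Exchange the long-lived refresh token for a new short-lived JWT.
    public string Renew()
    {
        return authClient.Send(new GetAccessToken { RefreshToken = refreshToken }).AccessToken;
    }

    // Call a protected service; on 401 renew the JWT and retry once.
    // The retry carries the new token explicitly, so it does not depend on
    // a cookie that the browser would only send with its next request.
    public TResponse Call<TResponse>(JsonServiceClient client, IReturn<TResponse> request)
    {
        try { return client.Send(request); }
        catch (WebServiceException ex) when (ex.StatusCode == 401)
        {
            client.BearerToken = Renew();
            return client.Send(request);
        }
    }

    // Token cookies: keep them out of reach of page scripts and off plain HTTP.
    public static Cookie TokenCookie(string name, string value) => new Cookie {
        Path = "/", Name = name, Value = value, HttpOnly = true, Secure = true
    };
}
```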