我想知道将refresh-token
与JwtAuthProviderReader
一起使用的最佳实践。在 jwt 到期的那一刻,我发送了一个请求/access-token
来获取一个新请求。
var jwt = authClient.Send(new GetAccessToken() {RefreshToken = Request.GetCookieValue("ss-refreshtok") }).AccessToken;
Response.SetCookie(new Cookie()
{
Path = "/",
Name = "ss-tok",
Value = jwt
});
我的问题是我得到“令牌已过期”即使我已经将新的 jwt 设置为cookie。我必须在页面有效之前刷新页面......
这是我的身份验证服务:
public class AuthenticationHandler: Service
{
private readonly JsonServiceClient authClient;
public AuthenticationHandler()
{
authClient = new JsonServiceClient("http://localhost/authentication/");
}
[Authenticate]
public GetAuthenticationContextResponse Get(GetAuthenticationContext request)
{
var authSession = this.SessionAs<MyAbaxAuthSession>();
return new GetAuthenticationContextResponse
{
CustomerId = authSession.CustomerId,
UserId = int.Parse(authSession.UserAuthId)
};
}
public UserAuthenticateResponse Post(UserAuthenticate request)
{
var response = authClient.Send(new Authenticate
{
provider = "credentials",
UserName = request.UserName,
Password = request.Password,
UseTokenCookie = true
});
Response.SetCookie(new Cookie()
{
Path = "/",
Name = "ss-tok",
Value = response.BearerToken
});
Response.SetCookie(new Cookie()
{
Path = "/",
Name = "ss-refreshtok",
Value = response.RefreshToken
});
return new UserAuthenticateResponse();
}
}
答案 0 :(得分:1)
请参阅JWT docs有关如何访问JWT RefreshToken的信息,即在身份验证成功后在RefreshToken
属性中返回的内容:
var response = client.Post(new Authenticate {
provider = "credentials",
UserName = userName,
Password = password,
});
var jwtToken = response.BearerToken;
var refreshToken = response.RefreshToken;