Why are Google tokens not refreshed with Easy Auth?

Time: 2017-12-18 08:35:08

Tags: azure-web-sites azure-web-app-service zumo

I am using the Easy Auth feature of Azure App Service and I am trying to refresh a token with the Google provider.

I followed the Chris Gillum article and correctly called .auth/login/google with the access_type=offline parameter. Then I called .auth/refresh, which returned a 200 OK with a new authenticationToken. However, when I check the claims of this ZUMO token by calling .auth/me, I can see that the Google token is in fact not refreshed despite the previous successful response. The exp claim (corresponding to Expiration Time) is the same as in the previous token.

I tried several scenarios: refreshing the token immediately after receiving it, 10 minutes before the expiration time, and after the expiration time (when the token is no longer valid), but in every scenario Easy Auth returns a new ZUMO token while the associated Google token is always the same.

Is it normal for the .auth/refresh endpoint to always return the same token (same exp claims) with the Google provider?

1 answer:

Answer 0 (score: 0)

As stated in Exchange authorization code for refresh and access tokens, regarding refresh_token:

  

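A token that you can use to obtain a new access token. Refresh tokens are valid until the user revokes access. Note that refresh tokens are always returned for installed applications.

The response from Refreshing an access token contains only access_token, expires_in (the remaining lifetime of the access token, in seconds), and token_type.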

  

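Is it normal for the .auth/refresh endpoint to always return the same token (same exp claims) with the Google provider?

Using the Log stream under the MONITORING section of your App Service, you can find detailed logs when calling .auth/refresh.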

In addition, the exp claim returned by calling .auth/me represents the expiration time of the authenticationToken, not of the refresh_token.


You can use jwt.io to decode the authenticationToken and compare it with the exp user claim.
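
An offline version of the jwt.io comparison suggested in the answer, as an added example that is not part of the original question or answer: it decodes the authenticationToken payload, reads the exp user claim from a .auth/me body, and reports which values changed across a .auth/refresh call. The .auth/me field names used here (access_token, expires_on, user_claims with typ/val) and all sample values are assumptions constructed for illustration.

```python
import base64
import hashlib
import json


def jwt_payload(token: str) -> dict:
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(seg))


def snapshot(zumo_token: str, me_body: list) -> dict:
    """Expiry-related values from one authenticationToken and .auth/me body."""
    entry = me_body[0]
    claims = {c["typ"]: c["val"] for c in entry.get("user_claims", [])}
    token = entry.get("access_token") or ""
    return {
        "zumo_exp": int(jwt_payload(zumo_token)["exp"]),
        "claim_exp": int(claims["exp"]) if "exp" in claims else None,
        "expires_on": entry.get("expires_on"),
        # Keep a fingerprint, not the bearer token, so results are safe to log.
        "access_token_fp": hashlib.sha256(token.encode()).hexdigest()[:16],
    }


def refresh_diff(before: dict, after: dict) -> list:
    """Names of the snapshot fields that changed across a .auth/refresh call."""
    return sorted(k for k in before if before[k] != after[k])


def make_sample_jwt(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "HS256", "typ": "JWT"}), enc(claims), "c2ln"])


# Constructed sample data (field names in the .auth/me body are assumptions).
ME = [{"provider_name": "google", "access_token": "constructed-token-A",
       "expires_on": "2017-12-18T09:35:08.0000000Z",
       "user_claims": [{"typ": "exp", "val": "1513589708"}]}]
BEFORE = snapshot(make_sample_jwt({"sub": "sid:constructed", "exp": 1516178108}), ME)
AFTER = snapshot(make_sample_jwt({"sub": "sid:constructed", "exp": 1516181708}), ME)

if __name__ == "__main__":
    print(refresh_diff(BEFORE, AFTER))
```

The constructed sample mirrors the situation in the question: the authenticationToken expiry moves while the exp user claim and the provider token stay the same.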