刷新令牌为空,AllowOfflineAccess为true,范围我有offline_access

时间:2018-05-21 17:36:40

标签: c# asp.net-core identityserver4

刷新令牌始终为空,这是我的代码:

new Client
{
    ClientId = "mvc",
    ClientName = "MVC Client",
    RequireConsent = false,
    AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
    AllowAccessTokensViaBrowser = true,

    ClientSecrets = {new Secret("secret".Sha256())},
    RedirectUris = { "http://localhost:7002/Account/callback" }, //{ "http://localhost:7002/signin-oidc" }, //
    PostLogoutRedirectUris = { "http://localhost:7002/signout-callback-oidc" },

    AllowedScopes = new List<string>
    {

        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile,
        IdentityServerConstants.StandardScopes.OfflineAccess,
        "api1"
    },
    AllowOfflineAccess = true,
    AlwaysIncludeUserClaimsInIdToken = true
}

这是我的MVCClient 

services.AddAuthentication(options =>
{
    options.DefaultScheme = "Cookies";
    options.DefaultChallengeScheme = "oidc";
})
    .AddCookie("Cookies")
    .AddOpenIdConnect("oidc", options =>
    {
        options.SignInScheme = "Cookies";

        options.Authority = "http://localhost:7000";
        options.RequireHttpsMetadata = false;

        options.ClientId = "mvc";
        options.ClientSecret = "secret";
        options.ResponseType = "code id_token token";

        options.SaveTokens = true;
        options.GetClaimsFromUserInfoEndpoint = true;

        options.Scope.Add("api1");
        options.Scope.Add("offline_access");
    });

我通过创建授权网址进行登录,这就是我创建它的方式:

var host = _context.HttpContext.Request.Host.Host; 
var discoveryClient = new DiscoveryClient(Configuration["auth:oidc:authority"]);
var disco = await discoveryClient.GetAsync();
var request = new RequestUrl(disco.AuthorizeEndpoint);
authorizeUrl = request.CreateAuthorizeUrl(
    clientId: "mvc",
    responseType: "code id_token token",
    responseMode: OidcConstants.ResponseModes.FormPost,
    scope: "openid profile api1 offline_access",
    redirectUri: "http://localhost:7002/Account/callback", //"http://localhost:7002/signin-oidc", // 
    state: CryptoRandom.CreateUniqueId(),
    nonce: CryptoRandom.CreateUniqueId(),
    acrValues: host);

return Redirect(authorizeUrl);

我被重定向到登录页面,我进行登录,一旦我登录,并返回到CallBack()(在HomeController中),除了空的refresh_token之外,我得到了所有内容:

public async Task<IActionResult> Callback()
{
    var code = Request.Form["code"];
    var tokenType = Request.Form["token_type"];
    var idToken = Request.Form["id_token"];
    var scope = Request.Form["scope"];
    var state = Request.Form["state"];
    var session_state = Request.Form["session_state"];
    var error = Request.Form["error"];
    var expiresAt = Request.Form["expires_in"];
    var accessToken = Request.Form["access_token"];
    var refreshToken = Request.Form["refresh_token"];
}

回顾一下:refresh_token为空{},而不是null。为了以其他方式测试它,对于about方法我添加了[authorize],如果我只通过点击那里登录,那么我确实有一个refresh_token。

我错过了什么吗?

1 个答案:

答案 0 :(得分:0)

您只能通过令牌端点调用获取刷新令牌。您需要使用回复中的/connect/token来调用code

此外,由于您手动执行请求和回调,因此调用AddOpenIdConnect可能没有意义。

相关问题
最新问题