我正在使用WebAPI来回答android和我的角度UI请求。为了进行身份验证,我使用了OWIN库。我已将令牌过期时间设置为1天,并将令牌过期时间设置为7天,但是我的令牌在2小时后过期,并且在我调用刷新令牌函数时收到invalid_grant响应...
有人知道为什么这个到期时间不起作用吗?
这是我的代码:
public class Startup
{
public void Configuration(IAppBuilder app)
{
var corsPolicy = new EnableCorsAttribute("*", "*", "*");
app.UseCors(new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = request =>
request.Path.Value == "/token" ?
corsPolicy.GetCorsPolicyAsync(null, CancellationToken.None) :
Task.FromResult<CorsPolicy>(null)
}
});
OAuthAuthorizationServerOptions option = new OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/token"),
Provider = new ApplicationOAuthProvider(),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
AllowInsecureHttp = true,
RefreshTokenProvider = new ApplicationRefreshTokenProvider()
};
app.UseOAuthBearerTokens(option);
app.UseOAuthAuthorizationServer(option);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
}
}
public class ApplicationOAuthProvider : OAuthAuthorizationServerProvider
{
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
if (context.ClientId == null)
context.Validated();
return Task.FromResult<object>(null);
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
UserCredential uc = Repository.UserRepository.FindByUserNameAndPassword(context.UserName, context.Password);
if (uc != null)
{
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim("Username", uc.UserName));
identity.AddClaim(new Claim("Id", uc.User.Id.ToString()));
identity.AddClaim(new Claim("Phone", uc.User.Phone));
identity.AddClaim(new Claim("FirstName", uc.User.FirstName));
identity.AddClaim(new Claim("LastName", uc.User.LastName));
identity.AddClaim(new Claim("Address", uc.User.Address));
identity.AddClaim(new Claim("PostalCode", uc.User.PostalCode));
identity.AddClaim(new Claim("LoggedOn", DateTime.Now.ToString()));
identity.AddClaim(new Claim(ClaimTypes.Role, uc.User.Role));
var additionalData = new AuthenticationProperties(new Dictionary<string, string>
{
{
"role", uc.User.Role
}
});
var token = new AuthenticationTicket(identity, additionalData);
context.Validated(token);
}
else
{
context.SetError("invalid_grant", "Username or password is not valid.");
context.Rejected();
}
}
public override Task TokenEndpoint(OAuthTokenEndpointContext context)
{
foreach (KeyValuePair<string, string> property in context.Properties.Dictionary)
{
context.AdditionalResponseParameters.Add(property.Key, property.Value);
}
return Task.FromResult<object>(null);
}
public override Task GrantRefreshToken(OAuthGrantRefreshTokenContext context)
{
var newIdentity = new ClaimsIdentity(context.Ticket.Identity);
var newTicket = new AuthenticationTicket(newIdentity, context.Ticket.Properties);
context.Validated(newTicket);
return Task.FromResult<object>(null);
}
}
public class ApplicationRefreshTokenProvider : IAuthenticationTokenProvider
{
private const int EXPIRE_DAYS = 7;
public async Task CreateAsync(AuthenticationTokenCreateContext context)
{
Create(context);
}
public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
{
Receive(context);
}
public void Create(AuthenticationTokenCreateContext context)
{
object inputs;
context.OwinContext.Environment.TryGetValue("Microsoft.Owin.Form#collection", out inputs);
var grantType = ((FormCollection)inputs)?.GetValues("grant_type");
var grant = grantType.FirstOrDefault();
if (grant == null || grant.Equals("refresh_token")) return;
context.Ticket.Properties.ExpiresUtc = DateTime.UtcNow.AddDays(EXPIRE_DAYS);
context.SetToken(context.SerializeTicket());
}
public void Receive(AuthenticationTokenReceiveContext context)
{
context.DeserializeTicket(context.Token);
if (context.Ticket == null)
{
context.Response.StatusCode = 400;
context.Response.ContentType = "application/json";
context.Response.ReasonPhrase = "invalid token";
return;
}
if (context.Ticket.Properties.ExpiresUtc <= DateTime.UtcNow)
{
context.Response.StatusCode = 401;
context.Response.ContentType = "application/json";
context.Response.ReasonPhrase = "unauthorized";
return;
}
context.Ticket.Properties.ExpiresUtc = DateTime.UtcNow.AddDays(EXPIRE_DAYS);
context.SetTicket(context.Ticket);
}
}
我做什么: 我首先发送令牌请求,并获得令牌和刷新令牌。在大约2个小时后,尽管我将令牌有效期设置为1天,但是当我发送refresh_token请求时,仍收到invalid_grant响应!