Microsoft Owin令牌和刷新令牌即将过期

时间:2019-10-24 16:03:41

标签: asp.net-web-api refresh-token owin-middleware

我正在使用WebAPI来响应Android客户端和我的Angular前端的请求。为了进行身份验证,我使用了OWIN库。我已将访问令牌(access token)的过期时间设置为1天,并将刷新令牌(refresh token)的过期时间设置为7天,但是我的访问令牌在大约2小时后就失效了,并且在我调用刷新令牌接口时收到invalid_grant响应...

有人知道为什么这个到期时间不起作用吗?

这是我的代码:

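public class Startup
{
    /// <summary>
    /// Builds the OWIN pipeline: CORS for the token endpoint plus the OAuth2
    /// authorization server and bearer-token authentication.
    /// </summary>
    /// <param name="app">The OWIN application builder the middleware is registered on.</param>
    public void Configuration(IAppBuilder app)
    {
        // Wide-open CORS (any origin, header and method) is applied to /token only; every
        // other path resolves to a null policy, i.e. no CORS headers are emitted for it.
        // EnableCorsAttribute("*", "*", "*") does not set SupportsCredentials, so browsers
        // will not attach cookies to these cross-origin calls.
        var tokenEndpointCors = new EnableCorsAttribute("*", "*", "*");
        app.UseCors(new CorsOptions
        {
            PolicyProvider = new CorsPolicyProvider
            {
                PolicyResolver = request =>
                    request.Path.Value == "/token"
                        ? tokenEndpointCors.GetCorsPolicyAsync(null, CancellationToken.None)
                        : Task.FromResult<CorsPolicy>(null)
            }
        });

        var oauthOptions = new OAuthAuthorizationServerOptions
        {
            TokenEndpointPath = new PathString("/token"),
            Provider = new ApplicationOAuthProvider(),
            // Lifetime of the bearer access token only. The refresh-token lifetime is owned
            // by ApplicationRefreshTokenProvider, not by this option.
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
            // SECURITY: with this set to true the password grant and the issued bearer tokens
            // may travel over plain HTTP, where they are trivially captured. Acceptable for
            // local development only; production must serve /token over TLS and set it false.
            AllowInsecureHttp = true,
            RefreshTokenProvider = new ApplicationRefreshTokenProvider()
        };

        // UseOAuthBearerTokens registers BOTH the authorization server (issues tokens at
        // TokenEndpointPath) and the bearer authentication middleware (validates them on
        // every request) with a shared token format. The original additionally called
        // UseOAuthAuthorizationServer and UseOAuthBearerAuthentication, which put a second
        // authorization server and a second "Bearer" authentication handler into the pipeline.
        app.UseOAuthBearerTokens(oauthOptions);
    }
}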

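public class ApplicationOAuthProvider : OAuthAuthorizationServerProvider
{
    /// <summary>
    /// Accepts the token request without any client authentication.
    /// </summary>
    /// <remarks>
    /// Only requests that carry no client_id at all are validated; a request that does
    /// present a client_id is left unvalidated and therefore rejected by the framework.
    /// No client secret is ever checked, so every caller that can reach /token is a public
    /// client and the only credential protecting token issuance is the user's password.
    /// </remarks>
    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        if (context.ClientId == null)
        {
            context.Validated();
        }

        return Task.FromResult<object>(null);
    }

    /// <summary>
    /// Handles the resource-owner password grant: verifies the credentials through the
    /// repository and, on success, builds the identity carried by the access/refresh tokens.
    /// </summary>
    /// <remarks>
    /// Fix over the original: user attributes that happen to be null (phone, address, role,
    /// ...) no longer throw <see cref="ArgumentNullException"/> from the <see cref="Claim"/>
    /// constructor and turn a valid login into a server error; such claims are simply
    /// omitted. The LoggedOn claim is now UTC in round-trip ("o") format instead of a
    /// server-culture and server-time-zone dependent local time string.
    /// </remarks>
    public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        // Credential verification lives in the repository; whether the password is compared
        // as a salted hash or in plaintext is not visible from here.
        // NOTE(review): confirm FindByUserNameAndPassword compares against a salted hash.
        UserCredential uc = Repository.UserRepository.FindByUserNameAndPassword(context.UserName, context.Password);

        if (uc == null)
        {
            // Deliberately generic: do not reveal which of username/password was wrong.
            context.SetError("invalid_grant", "Username or password is not valid.");
            context.Rejected();
            return Task.FromResult<object>(null);
        }

        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        AddClaimIfPresent(identity, "Username", uc.UserName);
        AddClaimIfPresent(identity, "Id", uc.User.Id.ToString());
        AddClaimIfPresent(identity, "Phone", uc.User.Phone);
        AddClaimIfPresent(identity, "FirstName", uc.User.FirstName);
        AddClaimIfPresent(identity, "LastName", uc.User.LastName);
        AddClaimIfPresent(identity, "Address", uc.User.Address);
        AddClaimIfPresent(identity, "PostalCode", uc.User.PostalCode);
        // UTC + invariant round-trip format: unambiguous regardless of server culture/zone.
        identity.AddClaim(new Claim("LoggedOn", DateTime.UtcNow.ToString("o", System.Globalization.CultureInfo.InvariantCulture)));
        AddClaimIfPresent(identity, ClaimTypes.Role, uc.User.Role);

        // Everything placed in AuthenticationProperties is serialized into the protected
        // ticket AND, via TokenEndpoint below, echoed in clear text in the JSON token
        // response. Keep it to non-sensitive data. The null fallback avoids handing a null
        // string to the ticket serializer (NOTE(review): verify it rejects nulls).
        var additionalData = new AuthenticationProperties(new Dictionary<string, string>
        {
            { "role", uc.User.Role ?? string.Empty }
        });

        context.Validated(new AuthenticationTicket(identity, additionalData));
        return Task.FromResult<object>(null);
    }

    /// <summary>
    /// Copies every entry of the ticket's AuthenticationProperties dictionary into the JSON
    /// token response as an additional top-level parameter.
    /// </summary>
    /// <remarks>
    /// This is how the "role" value set in <see cref="GrantResourceOwnerCredentials"/>
    /// reaches the client. The framework's own issued/expires bookkeeping appears to live in
    /// the same dictionary and is echoed as well. Nothing here is secret today, but any
    /// property added later will be visible to the client in clear text.
    /// </remarks>
    public override Task TokenEndpoint(OAuthTokenEndpointContext context)
    {
        foreach (var property in context.Properties.Dictionary)
        {
            context.AdditionalResponseParameters.Add(property.Key, property.Value);
        }

        return Task.FromResult<object>(null);
    }

    /// <summary>
    /// Handles the refresh_token grant by re-issuing the identity that was embedded in the
    /// refresh token, unchanged.
    /// </summary>
    /// <remarks>
    /// The refresh token is a self-contained serialized ticket (see
    /// ApplicationRefreshTokenProvider), so nothing here consults the user store: a user who
    /// has since been disabled, deleted or had their role changed keeps receiving fresh access
    /// tokens with the old claims until the refresh token expires.
    /// NOTE(review): if revocation or claim refresh is required, look the user up by the
    /// "Id"/"Username" claim here and call context.Rejected() when appropriate.
    /// </remarks>
    public override Task GrantRefreshToken(OAuthGrantRefreshTokenContext context)
    {
        // Copying the identity keeps every claim; the properties object is reused so the
        // "role" entry is still echoed by TokenEndpoint on the refreshed response.
        var refreshedIdentity = new ClaimsIdentity(context.Ticket.Identity);
        context.Validated(new AuthenticationTicket(refreshedIdentity, context.Ticket.Properties));

        return Task.FromResult<object>(null);
    }

    /// <summary>
    /// Adds a claim only when the value is non-null, so a missing user attribute does not
    /// throw from the Claim constructor.
    /// </summary>
    private static void AddClaimIfPresent(ClaimsIdentity identity, string type, string value)
    {
        if (value != null)
        {
            identity.AddClaim(new Claim(type, value));
        }
    }
}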

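public class ApplicationRefreshTokenProvider : IAuthenticationTokenProvider
{
    /// <summary>Lifetime of a refresh token, in days, measured from issuance.</summary>
    private const int EXPIRE_DAYS = 7;

    /// <summary>Async entry point; the work is synchronous, see <see cref="Create"/>.</summary>
    public Task CreateAsync(AuthenticationTokenCreateContext context)
    {
        Create(context);
        return Task.FromResult<object>(null);
    }

    /// <summary>Async entry point; the work is synchronous, see <see cref="Receive"/>.</summary>
    public Task ReceiveAsync(AuthenticationTokenReceiveContext context)
    {
        Receive(context);
        return Task.FromResult<object>(null);
    }

    /// <summary>
    /// Issues a refresh token for password-grant requests only.
    /// </summary>
    /// <remarks>
    /// The refresh token is the ticket itself, re-serialized with a 7-day expiry using the
    /// refresh-token format. Nothing is stored server-side, so an outstanding refresh token
    /// can only be invalidated by letting it expire (or by rotating the data-protection key,
    /// which invalidates every outstanding token at once).
    /// A refresh_token grant deliberately gets no new refresh token, i.e. there is no
    /// rotation; the client keeps using the original one for the whole 7 days.
    /// Fix over the original: when the cached form collection is absent or carries no
    /// grant_type, the original dereferenced a null array (NullReferenceException); it now
    /// simply declines to issue a refresh token.
    /// </remarks>
    public void Create(AuthenticationTokenCreateContext context)
    {
        // The parsed form body is read from the OWIN environment under this well-known key
        // (presumably cached there when the authorization server read the request body --
        // confirm) rather than re-reading the request stream.
        object cachedForm;
        context.OwinContext.Environment.TryGetValue("Microsoft.Owin.Form#collection", out cachedForm);

        var grantType = (cachedForm as FormCollection)?.GetValues("grant_type")?.FirstOrDefault();

        if (grantType == null || string.Equals(grantType, "refresh_token", StringComparison.Ordinal))
        {
            return;
        }

        // NOTE(review): this ticket object is the one the access token was built from, so
        // writing ExpiresUtc here may also affect the expires_in reported in the response;
        // confirm against the authorization server's behaviour.
        context.Ticket.Properties.ExpiresUtc = DateTime.UtcNow.AddDays(EXPIRE_DAYS);

        context.SetToken(context.SerializeTicket());
    }

    /// <summary>
    /// Validates an incoming refresh token: it must deserialize under the refresh-token
    /// format and carry an expiry that lies in the future.
    /// </summary>
    /// <remarks>
    /// Fix over the original: a ticket with no ExpiresUtc at all used to pass the expiry
    /// check (a null comparison evaluates to false) and be accepted indefinitely; it is now
    /// rejected like an expired one.
    /// The status codes written here are a best-effort hint; when no ticket is set the
    /// authorization server still answers with its own invalid_grant error, which is the
    /// response the question reports.
    /// </remarks>
    public void Receive(AuthenticationTokenReceiveContext context)
    {
        // Yields a null ticket for tampered tokens and for tokens protected with a different
        // data-protection key. A classic cause of unexpected invalid_grant errors is a host
        // whose machine/data-protection key is regenerated on app-pool recycle, which makes
        // every previously issued token undecryptable.
        context.DeserializeTicket(context.Token);

        if (context.Ticket == null)
        {
            context.Response.StatusCode = 400;
            context.Response.ContentType = "application/json";
            context.Response.ReasonPhrase = "invalid token";
            return;
        }

        var expiresUtc = context.Ticket.Properties.ExpiresUtc;
        if (!expiresUtc.HasValue || expiresUtc.Value <= DateTime.UtcNow)
        {
            context.Response.StatusCode = 401;
            context.Response.ContentType = "application/json";
            context.Response.ReasonPhrase = "unauthorized";
            return;
        }

        // NOTE(review): this "sliding" extension is never persisted -- Create() issues no new
        // refresh token on a refresh_token grant, so the client's token keeps its original
        // expiry. Kept for behavioural parity; presumably harmless because the authorization
        // server sets the new access token's expiry itself -- confirm.
        context.Ticket.Properties.ExpiresUtc = DateTime.UtcNow.AddDays(EXPIRE_DAYS);
        context.SetTicket(context.Ticket);
    }
}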

我做什么: 我首先发送令牌请求,并获得令牌和刷新令牌。在大约2个小时后,尽管我将令牌有效期设置为1天,但是当我发送refresh_token请求时,仍收到invalid_grant响应!
