ASP.NET 5 OpenIdConnect Refresh_Token
ASP.NET 5 OpenIdConnect Refresh_Token
我正在尝试用 refresh_token 创建一个 token，参照了 @Shaun Luttin 的回答。
public sealed class AuthorizationProvider : OpenIdConnectServerProvider
{
    /// <summary>
    /// Accepts the token request without checking any client credentials.
    /// </summary>
    /// <remarks>
    /// NOTE(review): because Skipped() is called unconditionally, the
    /// resource-owner credentials handled in GrantResourceOwnerCredentials are
    /// the only check between a caller of /connect/token and a token.
    /// </remarks>
    public override Task ValidateClientAuthentication(
        ValidateClientAuthenticationContext context)
    {
        // There is a single public client (one that cannot keep a secret),
        // so client authentication is not enforced: tell the server to carry on.
        context.Skipped();
        return Task.FromResult(0);
    }

    /// <summary>
    /// Handles grant_type=password: builds the principal and the ticket from
    /// which the access token (and, with the offline_access scope, the refresh
    /// token) are issued.
    /// </summary>
    /// <remarks>
    /// The username/password carried by <paramref name="context"/> are NOT
    /// validated in this sample; every request reaches Validated(). Real code
    /// must check them (e.g. with ASP.NET Identity) and call
    /// Rejected(error, description) on failure.
    /// </remarks>
    public override Task GrantResourceOwnerCredentials(
        GrantResourceOwnerCredentialsContext context)
    {
        var ownerIdentity = new ClaimsIdentity(
            OpenIdConnectServerDefaults.AuthenticationScheme);

        // Placeholder subject id; in real code this comes from the
        // authenticated user, never from a literal.
        ownerIdentity.AddClaim(ClaimTypes.NameIdentifier, "todo");

        // Without a destination, claims are not serialized into the tokens.
        // The "token id_token" destination is intended to place this claim in
        // both the access and the identity token.
        ownerIdentity.AddClaim("urn:customclaim", "value", "token id_token");

        var authTicket = new AuthenticationTicket(
            new ClaimsPrincipal(ownerIdentity),
            new AuthenticationProperties(),
            context.Options.AuthenticationScheme);

        // Resource servers the access token is issued for.
        string[] resourceServers = { "resource_server_1" };
        authTicket.SetResources(resourceServers);

        // Scopes granted to the caller; offline_access is the one meant to
        // trigger a refresh token.
        // NOTE(review): the accompanying question reports that this alone did
        // not yield a refresh_token and the client also had to send
        // scope=offline_access in the token request - confirm against the
        // server version in use.
        string[] grantedScopes = { "profile", "offline_access" };
        authTicket.SetScopes(grantedScopes);

        context.Validated(authTicket);
        return Task.FromResult<object>(null);
    }
}
当我像这样请求令牌时
POST http://localhost:50000/connect/token HTTP/1.1
User-Agent: Fiddler
Host: localhost:50000
Content-Length: 61
Content-Type: application/x-www-form-urlencoded
grant_type=password&username=my_username&password=my_password
我得到这样的令牌
{
"resource": "resource_server_1",
"scope": "profile offline_access",
"token_type": "bearer",
"access_token": "eyJh...W2rA",
"expires_in": "3600"
}
它工作正常，但响应中没有 refresh_token 属性。我怎样才能得到它？
出于某种我不清楚的原因，手动指定 `ticket.SetScopes(new[] { "profile", "offline_access" });` 并不起作用，所以我删除了这一行，改为在请求 header 中添加 scope 参数，现在我收到了包含 refresh_token 的响应：
POST http://localhost:50000/connect/token HTTP/1.1
User-Agent: Fiddler
Host: localhost:50000
Content-Length: 61
Content-Type: application/x-www-form-urlencoded
grant_type=password&username=my_username&password=my_password&scope=offline_access
所以现在的响应是
{
"resource": "resource_server_1",
"scope": "profile offline_access",
"token_type": "bearer",
"access_token": "eyJh...W2rA",
"refresh_token": "CfDJ8OV0Bu....AoUWPE",
"expires_in": "3600"
}
我正在尝试用 refresh_token 创建一个 token，参照了 @Shaun Luttin 的回答。
public sealed class AuthorizationProvider : OpenIdConnectServerProvider
{
    /// <summary>
    /// Accepts the token request without checking any client credentials.
    /// </summary>
    /// <remarks>
    /// NOTE(review): because Skipped() is called unconditionally, the
    /// resource-owner credentials handled in GrantResourceOwnerCredentials are
    /// the only check between a caller of /connect/token and a token.
    /// </remarks>
    public override Task ValidateClientAuthentication(
        ValidateClientAuthenticationContext context)
    {
        // There is a single public client (one that cannot keep a secret),
        // so client authentication is not enforced: tell the server to carry on.
        context.Skipped();
        return Task.FromResult(0);
    }

    /// <summary>
    /// Handles grant_type=password: builds the principal and the ticket from
    /// which the access token (and, with the offline_access scope, the refresh
    /// token) are issued.
    /// </summary>
    /// <remarks>
    /// The username/password carried by <paramref name="context"/> are NOT
    /// validated in this sample; every request reaches Validated(). Real code
    /// must check them (e.g. with ASP.NET Identity) and call
    /// Rejected(error, description) on failure.
    /// </remarks>
    public override Task GrantResourceOwnerCredentials(
        GrantResourceOwnerCredentialsContext context)
    {
        var ownerIdentity = new ClaimsIdentity(
            OpenIdConnectServerDefaults.AuthenticationScheme);

        // Placeholder subject id; in real code this comes from the
        // authenticated user, never from a literal.
        ownerIdentity.AddClaim(ClaimTypes.NameIdentifier, "todo");

        // Without a destination, claims are not serialized into the tokens.
        // The "token id_token" destination is intended to place this claim in
        // both the access and the identity token.
        ownerIdentity.AddClaim("urn:customclaim", "value", "token id_token");

        var authTicket = new AuthenticationTicket(
            new ClaimsPrincipal(ownerIdentity),
            new AuthenticationProperties(),
            context.Options.AuthenticationScheme);

        // Resource servers the access token is issued for.
        string[] resourceServers = { "resource_server_1" };
        authTicket.SetResources(resourceServers);

        // Scopes granted to the caller; offline_access is the one meant to
        // trigger a refresh token.
        // NOTE(review): the accompanying question reports that this alone did
        // not yield a refresh_token and the client also had to send
        // scope=offline_access in the token request - confirm against the
        // server version in use.
        string[] grantedScopes = { "profile", "offline_access" };
        authTicket.SetScopes(grantedScopes);

        context.Validated(authTicket);
        return Task.FromResult<object>(null);
    }
}
当我像这样请求令牌时
POST http://localhost:50000/connect/token HTTP/1.1
User-Agent: Fiddler
Host: localhost:50000
Content-Length: 61
Content-Type: application/x-www-form-urlencoded
grant_type=password&username=my_username&password=my_password
我得到这样的令牌
{
"resource": "resource_server_1",
"scope": "profile offline_access",
"token_type": "bearer",
"access_token": "eyJh...W2rA",
"expires_in": "3600"
}
它工作正常，但响应中没有 refresh_token 属性。我怎样才能得到它？
出于某种我不清楚的原因，手动指定 `ticket.SetScopes(new[] { "profile", "offline_access" });` 并不起作用，所以我删除了这一行，改为在请求 header 中添加 scope 参数，现在我收到了包含 refresh_token 的响应：
POST http://localhost:50000/connect/token HTTP/1.1
User-Agent: Fiddler
Host: localhost:50000
Content-Length: 61
Content-Type: application/x-www-form-urlencoded
grant_type=password&username=my_username&password=my_password&scope=offline_access
所以现在的响应是
{
"resource": "resource_server_1",
"scope": "profile offline_access",
"token_type": "bearer",
"access_token": "eyJh...W2rA",
"refresh_token": "CfDJ8OV0Bu....AoUWPE",
"expires_in": "3600"
}