应用服务刷新令牌
App Service Refresh Tokens
关于使用针对应用服务的 MobileServiceClient 刷新 Google 令牌,有什么变化吗?我曾经能够使用 MobileServiceClient 在我的 Xamarin Forms 应用程序中刷新 Google 令牌。现在,登录后,任何刷新尝试都被禁止 returns。
我的登录码如下:
public class Authentication : IAuthentication
{
public async Task<MobileServiceUser> LoginAsync(MobileServiceClient mobileClient, MobileServiceAuthenticationProvider provider)
{
return await mobileClient.LoginAsync(
Forms.Context,
provider,
new Dictionary<string, string>()
{
{ "access_type", "offline" }
});
}
}
我的刷新码是:
var user = await MobileService.RefreshUserAsync();
即使我在成功登录后立即尝试刷新,也无法刷新。 Token Store 配置为 "On"。刷新对 Microsoft 提供商工作正常。几个月前它还在工作。
Microsoft.Azure.Mobile.Client v3.1.0
Microsoft.Azure.Mobile.Serverv2.0.0
直接浏览 https://[my-website].azurewebsites.net/.auth/login/google returns "You have successfully signed in"
直接浏览 https://[my-website].azurewebsites.net/.auth/me returns [{"access_token":"ya29.Gl3ZAw6B1H0cT_e6vRlHgwQd0U-bcDSKo_CGQ9wKwPH8H-EbtNojP61JSzDaiIgSzU14PrT3QRb14NsFPhFYrU8ikCPGkhwKkZMAtHCNSdzDhTPm5cl89VrAlNc3vRU","expires_on":"2017-01-20T15:00:21.3928445Z" ,"id_token":"eyJhbGciOiJSUzI1NiIsImtpZCI6IjZlYzMwOTBlZjgyM2YxMWFhN2VhNDE0N2FlZWM1Zjk0YmViNWZkMDMifQ.eyJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJpYXQiOjE0ODQ5MjA4MjEsImV4cCI6MTQ4NDkyNDQyMSwiYXRfaGFzaCI6IlhHa3dqOFpiZU9GX2N3SmpqeEpMRnciLCJhdWQiOiI3NDgwNzM0Njg2NDktanRtNTl0N21sY3NjaTg5bG9rYnV2c2VvYW5uMjhiZ3EuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJzdWIiOiIxMDE4MTI5MTIzODE5MTgwNDA4NDciLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiYXpwIjoiNzQ4MDczNDY4NjQ5LWp0bTU5dDdtbGNzY2k4OWxva2J1dnNlb2FubjI4YmdxLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwiZW1haWwiOiJnY3JvY2tlbmJlcmdAZ21haWwuY29tIiwibmFtZSI6ImdlcmFyZCBjcm9ja2VuYmVyZyIsInBpY3R1cmUiOiJodHRwczovL2xoNS5nb29nbGV1c2VyY29udGVudC5jb20vLVpINUxBQ1RhQTRJL0FBQUFBQUFBQUFJL0FBQUFBQUFBQUFBL0FLQl9VOHRpamZ5ZUN3Qk9tWUxzTmM4QUZJcTNDVGJhVHcvczk2LWMvcGhvdG8uanBnIiwiZ2l2ZW5fbmFtZSI6ImdlcmFyZCIsImZhbWlseV9uYW1lIjoiY3JvY2tlbmJlcmcifQ.Qie3hRwKP-mbzMp3gzWatmQdLLVw3Ae7PXw1Ly8Se7-EQWBPgky0TsQ-fvZIasiHaq1tQu9lXyNu9qYqaaAvKxKCGxRE5yYhC76Yar_rQig14lf42bMRYQ3ADzwsPZ0yUbEpk-h4_HU5Ld1lNqYG-hgzEdUsJm_uspJk7FggwcfuPw-YQJr-GXbqd2Om9fmgGPrPrsFy7EzPGL27q_BIY3cOLEVX0e3tbAAVhxFCri835nBKdkYOP9X2g6wSuMWCq6iPOjFzErhVYR_WUwi5H-UW6mJHswcAfs_3Hwwt9RzCqfcyS1ZaehQVJE5B3uvK9WmAOrbD7uyEQmSli_zRWw","provider_name":"google","user_claims":[{"typ":"iss","val" :"https://accounts.google.com"},{"typ":"iat","val":"1484920821"},{"typ":"exp","val" :"1484924421"},{"typ":"at_hash","val":"XGkwj8ZbeOF_cwJjjxJLFw"},{"typ":"aud","val" :"748073468649-jtm59t7mlcsci89lokbuvseoann28bgq.apps.googleusercontent.com"},{"typ":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier","val":"101812912381918040847"},{"typ":"email_verified","val":"true"},{"typ":"azp","val":"748073468649-jtm59t7mlcsci89lokbuvseoann28bgq.apps.googleusercontent.com"},{"typ":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress","val":"[my-googleemail]"},{"typ":"name","val":"[我的名字]"}, {"typ":"picture","val":"https://lh5.googleusercontent.com/-ZH5LACTaA4I/AAAAAAAAAAI/AAAAAAAAAAA/AKB_U8tijfyeCwBOmYLsNc8AFIq3CTbaTw/s96-c/photo.jpg"},{"typ":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname","val":"[my-givenname]"},{"typ":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname","val":"[my-surname]"}],"user_id":"[my-googleemail ]"}]
直接浏览https://[my-website].azurewebsites/.auth/refreshreturns"You do not have permission to view this directory or page"
如果我用 "microsoftaccount" 重复这些步骤,最后的刷新步骤有效。
来自 Azure 请求跟踪:
107.-GENERAL_FLUSH_RESPONSE_START
0 毫秒
信息性
108.-GENERAL_RESPONSE_HEADERS
Headers
Content-Type: text/html
服务器:Microsoft-IIS/8.0
X-FE-DATA: AppId:Unknown-状态码
X-Powered-By: ASP.NET
DWAS-Handler-Name:开始|403|80|0x0|CONFIG_SUCCESS|ExtensionlessUrlHandler-Integrated-4.0|###.##.##.###|\###.##。 ##.##\volume-4-default\&ApiApp=0
0 毫秒
详细
109.-GENERAL_RESPONSE_ENTITY_BUFFER
缓冲区
您没有权限查看此目录或页面。
0 毫秒
信息性
110.-GENERAL_FLUSH_RESPONSE_END
发送字节数 400
ErrorCode 操作成功完成。
(0x0)
根据您的详细信息,我注意到当您直接浏览https://[my-website].azurewebsites.net/.auth/me时,响应中没有包含refresh_token。要隔离此问题,您可以参考以下步骤:
1.Browser https://brucechen-mobile.azurewebsites.net/.auth/login/google?access_type=offline 并使用 google 帐户登录;
2.Access /.auth/me 检索我的记录信息如下:
3.Browser /.auth/refresh 看能不能收到200 http状态码的响应
此外,您可以关注此官方tutorial about refreshing user logins in App Service Mobile Apps to troubleshoot this issue. Additionally, you could leverage Fiddler以获取调用MobileService.RefreshUserAsync()时的详细响应。
事实证明,对于 Google 次登录,刷新令牌仅在首次登录时发出。我移动了我的 Azure 网站并重新指向了 OAuth 客户端设置,这样我就可以登录了,但是 Token Store 不再有随我初始 Google 登录一起发送的 refresh_token 的副本。在这里找到其余的答案。
Not receiving Google OAuth refresh token
关于使用针对应用服务的 MobileServiceClient 刷新 Google 令牌,有什么变化吗?我曾经能够使用 MobileServiceClient 在我的 Xamarin Forms 应用程序中刷新 Google 令牌。现在,登录后,任何刷新尝试都被禁止 returns。
我的登录码如下:
public class Authentication : IAuthentication
{
public async Task<MobileServiceUser> LoginAsync(MobileServiceClient mobileClient, MobileServiceAuthenticationProvider provider)
{
return await mobileClient.LoginAsync(
Forms.Context,
provider,
new Dictionary<string, string>()
{
{ "access_type", "offline" }
});
}
}
我的刷新码是:
var user = await MobileService.RefreshUserAsync();
即使我在成功登录后立即尝试刷新,也无法刷新。 Token Store 配置为 "On"。刷新对 Microsoft 提供商工作正常。几个月前它还在工作。
Microsoft.Azure.Mobile.Client v3.1.0
Microsoft.Azure.Mobile.Serverv2.0.0
直接浏览 https://[my-website].azurewebsites.net/.auth/login/google returns "You have successfully signed in"
直接浏览 https://[my-website].azurewebsites.net/.auth/me returns [{"access_token":"ya29.Gl3ZAw6B1H0cT_e6vRlHgwQd0U-bcDSKo_CGQ9wKwPH8H-EbtNojP61JSzDaiIgSzU14PrT3QRb14NsFPhFYrU8ikCPGkhwKkZMAtHCNSdzDhTPm5cl89VrAlNc3vRU","expires_on":"2017-01-20T15:00:21.3928445Z" ,"id_token":"eyJhbGciOiJSUzI1NiIsImtpZCI6IjZlYzMwOTBlZjgyM2YxMWFhN2VhNDE0N2FlZWM1Zjk0YmViNWZkMDMifQ.eyJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJpYXQiOjE0ODQ5MjA4MjEsImV4cCI6MTQ4NDkyNDQyMSwiYXRfaGFzaCI6IlhHa3dqOFpiZU9GX2N3SmpqeEpMRnciLCJhdWQiOiI3NDgwNzM0Njg2NDktanRtNTl0N21sY3NjaTg5bG9rYnV2c2VvYW5uMjhiZ3EuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJzdWIiOiIxMDE4MTI5MTIzODE5MTgwNDA4NDciLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiYXpwIjoiNzQ4MDczNDY4NjQ5LWp0bTU5dDdtbGNzY2k4OWxva2J1dnNlb2FubjI4YmdxLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwiZW1haWwiOiJnY3JvY2tlbmJlcmdAZ21haWwuY29tIiwibmFtZSI6ImdlcmFyZCBjcm9ja2VuYmVyZyIsInBpY3R1cmUiOiJodHRwczovL2xoNS5nb29nbGV1c2VyY29udGVudC5jb20vLVpINUxBQ1RhQTRJL0FBQUFBQUFBQUFJL0FBQUFBQUFBQUFBL0FLQl9VOHRpamZ5ZUN3Qk9tWUxzTmM4QUZJcTNDVGJhVHcvczk2LWMvcGhvdG8uanBnIiwiZ2l2ZW5fbmFtZSI6ImdlcmFyZCIsImZhbWlseV9uYW1lIjoiY3JvY2tlbmJlcmcifQ.Qie3hRwKP-mbzMp3gzWatmQdLLVw3Ae7PXw1Ly8Se7-EQWBPgky0TsQ-fvZIasiHaq1tQu9lXyNu9qYqaaAvKxKCGxRE5yYhC76Yar_rQig14lf42bMRYQ3ADzwsPZ0yUbEpk-h4_HU5Ld1lNqYG-hgzEdUsJm_uspJk7FggwcfuPw-YQJr-GXbqd2Om9fmgGPrPrsFy7EzPGL27q_BIY3cOLEVX0e3tbAAVhxFCri835nBKdkYOP9X2g6wSuMWCq6iPOjFzErhVYR_WUwi5H-UW6mJHswcAfs_3Hwwt9RzCqfcyS1ZaehQVJE5B3uvK9WmAOrbD7uyEQmSli_zRWw","provider_name":"google","user_claims":[{"typ":"iss","val" :"https://accounts.google.com"},{"typ":"iat","val":"1484920821"},{"typ":"exp","val" :"1484924421"},{"typ":"at_hash","val":"XGkwj8ZbeOF_cwJjjxJLFw"},{"typ":"aud","val" :"748073468649-jtm59t7mlcsci89lokbuvseoann28bgq.apps.googleusercontent.com"},{"typ":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier","val":"101812912381918040847"},{"typ":"email_verified","val":"true"},{"typ":"azp","val":"748073468649-jtm59t7mlcsci89lokbuvseoann28bgq.apps.googleusercontent.com"},{"typ":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress","val":"[my-googleemail]"},{"typ":"name","val":"[我的名字]"}, {"typ":"picture","val":"https://lh5.googleusercontent.com/-ZH5LACTaA4I/AAAAAAAAAAI/AAAAAAAAAAA/AKB_U8tijfyeCwBOmYLsNc8AFIq3CTbaTw/s96-c/photo.jpg"},{"typ":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname","val":"[my-givenname]"},{"typ":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname","val":"[my-surname]"}],"user_id":"[my-googleemail ]"}]
直接浏览https://[my-website].azurewebsites/.auth/refreshreturns"You do not have permission to view this directory or page"
如果我用 "microsoftaccount" 重复这些步骤,最后的刷新步骤有效。
来自 Azure 请求跟踪:
107.-GENERAL_FLUSH_RESPONSE_START
0 毫秒
信息性
108.-GENERAL_RESPONSE_HEADERS
Headers
Content-Type: text/html
服务器:Microsoft-IIS/8.0
X-FE-DATA: AppId:Unknown-状态码
X-Powered-By: ASP.NET
DWAS-Handler-Name:开始|403|80|0x0|CONFIG_SUCCESS|ExtensionlessUrlHandler-Integrated-4.0|###.##.##.###|\###.##。 ##.##\volume-4-default\&ApiApp=0
0 毫秒
详细
109.-GENERAL_RESPONSE_ENTITY_BUFFER
缓冲区
您没有权限查看此目录或页面。
0 毫秒
信息性
110.-GENERAL_FLUSH_RESPONSE_END
发送字节数 400
ErrorCode 操作成功完成。
(0x0)
根据您的详细信息,我注意到当您直接浏览https://[my-website].azurewebsites.net/.auth/me时,响应中没有包含refresh_token。要隔离此问题,您可以参考以下步骤:
1.Browser https://brucechen-mobile.azurewebsites.net/.auth/login/google?access_type=offline 并使用 google 帐户登录;
2.Access /.auth/me 检索我的记录信息如下:
3.Browser /.auth/refresh 看能不能收到200 http状态码的响应
此外,您可以关注此官方tutorial about refreshing user logins in App Service Mobile Apps to troubleshoot this issue. Additionally, you could leverage Fiddler以获取调用MobileService.RefreshUserAsync()时的详细响应。
事实证明,对于 Google 次登录,刷新令牌仅在首次登录时发出。我移动了我的 Azure 网站并重新指向了 OAuth 客户端设置,这样我就可以登录了,但是 Token Store 不再有随我初始 Google 登录一起发送的 refresh_token 的副本。在这里找到其余的答案。
Not receiving Google OAuth refresh token