Web API 刷新令牌在访问令牌过期时不刷新
Web API refresh token not refreshing when access token is expired
在我的网站中 API 我正在实施基于 owin 承载令牌的身份验证,在我的客户端应用程序中,我想在访问令牌过期时使用刷新令牌刷新访问令牌,这就是我设置访问权限到期的原因令牌只有 15 分钟,刷新令牌为 1 小时。当我的原始访问令牌过期时,我无法刷新访问令牌,即使我的刷新令牌有效但它在访问令牌有效时工作正常。
下面是我的代码。
public override void Create(AuthenticationTokenCreateContext context)
{
Guid Token = Guid.NewGuid();
using (InfoSystemEntities dbContext = new InfoSystemEntities())
{
RefreshToken RToken = new RefreshToken()
{
Token = Token,
IssueDateUtc = DateTime.UtcNow,
ExpiryDateUtc = DateTime.UtcNow.AddMinutes(Params.RefreshPasswordExpiryInMinutes),
IssuedTo = context.Ticket.Identity.GetUserId<int>()
};
context.Ticket.Properties.IssuedUtc = RToken.IssueDateUtc;
context.Ticket.Properties.IssuedUtc = RToken.ExpiryDateUtc;
RToken.ProtectedTicket = context.SerializeTicket();
dbContext.RefreshTokens.Add(RToken);
if (dbContext.SaveChanges() > 0)
{
context.SetToken(Token.ToString());
//context.SetToken(context.SerializeTicket());
}
}
}
public override void Receive(AuthenticationTokenReceiveContext context)
{
using (InfoSystemEntities dbContext = new InfoSystemEntities())
{
Guid Token = Guid.Parse(context.Token);
RefreshToken RToken = dbContext.RefreshTokens.Where(T => T.Token == Token).FirstOrDefault();
if (RToken != null)
{
if (RToken.ExpiryDateUtc > DateTime.UtcNow)
{
context.DeserializeTicket(RToken.ProtectedTicket);
}
else
{
context.Response.Write("refresh_token not found or expired");
}
//dbContext.RefreshTokens.Attach(RToken);
//dbContext.RefreshTokens.Remove(RToken);
//dbContext.SaveChanges();
}
else
{
context.Response.Write("refresh_token not found or expired");
}
}
}
public class OAuthProvider : OAuthAuthorizationServerProvider
{
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
//context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
//MyUserManager CustomUserManager = HttpContext.Current.GetOwinContext().GetUserManager<MyUserManager>();
MyUserManager CustomUserManager = new MyUserManager();
var user = await CustomUserManager.FindAsync(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
context.Rejected();
return;
}
if (!user.IsActive)
{
context.SetError("invalid_grant", "The user account is disabled");
context.Rejected();
return;
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.UserId.ToString()));
identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
identity.AddClaim(new Claim("FullName", user.FirstName + " " + user.LastName));
// Optional : You can add a role based claim by uncommenting the line below.
identity.AddClaim(new Claim("Role", user.Role));
identity.AddClaim(new Claim(ClaimTypes.Role, user.Role));
var props = new AuthenticationProperties(new Dictionary<string, string> { { "firstname", user.FirstName }, { "lastname", user.LastName }, { "email", user.UserName }, { "role", user.Role }, { "refresh_token_expires_in", (Params.RefreshPasswordExpiryInMinutes * 60).ToString() } });
var ticket = new AuthenticationTicket(identity, props);
context.Validated(ticket);
}
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
if (context.ClientId == null)
context.Validated();
return Task.FromResult<object>(null);
}
public override Task TokenEndpoint(OAuthTokenEndpointContext context)
{
foreach (KeyValuePair<string, string> property in context.Properties.Dictionary)
{
context.AdditionalResponseParameters.Add(property.Key, property.Value);
}
return Task.FromResult<object>(null);
}
public override Task GrantRefreshToken(OAuthGrantRefreshTokenContext context)
{
var newIdentity = new ClaimsIdentity(context.Ticket.Identity);
newIdentity.AddClaim(new Claim("newClaim", "newValue"));
var newTicket = new AuthenticationTicket(newIdentity, context.Ticket.Properties);
context.Validated(newTicket);
return Task.FromResult<object>(null);
}
}
检查您在 context.Ticket.Properties.IssuedUtc = RToken.ExpiryDateUtc 中的代码;应该是 ExpiresUtc 而不是 IssuedUtc
在我的网站中 API 我正在实施基于 owin 承载令牌的身份验证,在我的客户端应用程序中,我想在访问令牌过期时使用刷新令牌刷新访问令牌,这就是我设置访问权限到期的原因令牌只有 15 分钟,刷新令牌为 1 小时。当我的原始访问令牌过期时,我无法刷新访问令牌,即使我的刷新令牌有效但它在访问令牌有效时工作正常。 下面是我的代码。
public override void Create(AuthenticationTokenCreateContext context)
{
Guid Token = Guid.NewGuid();
using (InfoSystemEntities dbContext = new InfoSystemEntities())
{
RefreshToken RToken = new RefreshToken()
{
Token = Token,
IssueDateUtc = DateTime.UtcNow,
ExpiryDateUtc = DateTime.UtcNow.AddMinutes(Params.RefreshPasswordExpiryInMinutes),
IssuedTo = context.Ticket.Identity.GetUserId<int>()
};
context.Ticket.Properties.IssuedUtc = RToken.IssueDateUtc;
context.Ticket.Properties.IssuedUtc = RToken.ExpiryDateUtc;
RToken.ProtectedTicket = context.SerializeTicket();
dbContext.RefreshTokens.Add(RToken);
if (dbContext.SaveChanges() > 0)
{
context.SetToken(Token.ToString());
//context.SetToken(context.SerializeTicket());
}
}
}
public override void Receive(AuthenticationTokenReceiveContext context)
{
using (InfoSystemEntities dbContext = new InfoSystemEntities())
{
Guid Token = Guid.Parse(context.Token);
RefreshToken RToken = dbContext.RefreshTokens.Where(T => T.Token == Token).FirstOrDefault();
if (RToken != null)
{
if (RToken.ExpiryDateUtc > DateTime.UtcNow)
{
context.DeserializeTicket(RToken.ProtectedTicket);
}
else
{
context.Response.Write("refresh_token not found or expired");
}
//dbContext.RefreshTokens.Attach(RToken);
//dbContext.RefreshTokens.Remove(RToken);
//dbContext.SaveChanges();
}
else
{
context.Response.Write("refresh_token not found or expired");
}
}
}
public class OAuthProvider : OAuthAuthorizationServerProvider
{
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
//context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
//MyUserManager CustomUserManager = HttpContext.Current.GetOwinContext().GetUserManager<MyUserManager>();
MyUserManager CustomUserManager = new MyUserManager();
var user = await CustomUserManager.FindAsync(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
context.Rejected();
return;
}
if (!user.IsActive)
{
context.SetError("invalid_grant", "The user account is disabled");
context.Rejected();
return;
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.UserId.ToString()));
identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
identity.AddClaim(new Claim("FullName", user.FirstName + " " + user.LastName));
// Optional : You can add a role based claim by uncommenting the line below.
identity.AddClaim(new Claim("Role", user.Role));
identity.AddClaim(new Claim(ClaimTypes.Role, user.Role));
var props = new AuthenticationProperties(new Dictionary<string, string> { { "firstname", user.FirstName }, { "lastname", user.LastName }, { "email", user.UserName }, { "role", user.Role }, { "refresh_token_expires_in", (Params.RefreshPasswordExpiryInMinutes * 60).ToString() } });
var ticket = new AuthenticationTicket(identity, props);
context.Validated(ticket);
}
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
if (context.ClientId == null)
context.Validated();
return Task.FromResult<object>(null);
}
public override Task TokenEndpoint(OAuthTokenEndpointContext context)
{
foreach (KeyValuePair<string, string> property in context.Properties.Dictionary)
{
context.AdditionalResponseParameters.Add(property.Key, property.Value);
}
return Task.FromResult<object>(null);
}
public override Task GrantRefreshToken(OAuthGrantRefreshTokenContext context)
{
var newIdentity = new ClaimsIdentity(context.Ticket.Identity);
newIdentity.AddClaim(new Claim("newClaim", "newValue"));
var newTicket = new AuthenticationTicket(newIdentity, context.Ticket.Properties);
context.Validated(newTicket);
return Task.FromResult<object>(null);
}
}
检查您在 context.Ticket.Properties.IssuedUtc = RToken.ExpiryDateUtc 中的代码;应该是 ExpiresUtc 而不是 IssuedUtc