刷新令牌到期 Microsoft.Owin
Expiration of refresh tokens Microsoft.Owin
我这样创建刷新令牌:
public async Task CreateAsync(AuthenticationTokenCreateContext context)
{
var refreshTokenId = Guid.NewGuid().ToString("N");
context.Ticket.Properties.IssuedUtc = token.IssuedAtUtc;
//context.Ticket.Properties.ExpiresUtc = DateTime.UtcNow.AddMonths(1);
// Persist created token
context.SetToken(refreshTokenId);
}
如果我评论 //context.Ticket.Properties.ExpiresUtc = 行,我创建的刷新令牌永远不会过期(直到我删除 it/make 删除)是否正确?
By default 刷新令牌的 Ticket.Properties.ExpiresUtc 具有访问令牌的到期时间。
如果您希望刷新令牌不会过期,您需要在刷新令牌的提供程序创建方法中将 ExpiresUtc 设置为 null:
context.Ticket.Properties.IssuedUtc = token.IssuedAtUtc;
context.Ticket.Properties.ExpiresUtc = null;
更新:
You can't 有没有过期时间的刷新令牌。否则你会得到 { "error": "invalid_grant" }.
我这样创建刷新令牌:
public async Task CreateAsync(AuthenticationTokenCreateContext context)
{
var refreshTokenId = Guid.NewGuid().ToString("N");
context.Ticket.Properties.IssuedUtc = token.IssuedAtUtc;
//context.Ticket.Properties.ExpiresUtc = DateTime.UtcNow.AddMonths(1);
// Persist created token
context.SetToken(refreshTokenId);
}
如果我评论 //context.Ticket.Properties.ExpiresUtc = 行,我创建的刷新令牌永远不会过期(直到我删除 it/make 删除)是否正确?
By default 刷新令牌的 Ticket.Properties.ExpiresUtc 具有访问令牌的到期时间。
如果您希望刷新令牌不会过期,您需要在刷新令牌的提供程序创建方法中将 ExpiresUtc 设置为 null:
context.Ticket.Properties.IssuedUtc = token.IssuedAtUtc;
context.Ticket.Properties.ExpiresUtc = null;
更新:
You can't 有没有过期时间的刷新令牌。否则你会得到 { "error": "invalid_grant" }.