刷新令牌到期 Microsoft.Owin

Expiration of refresh tokens Microsoft.Owin

我这样创建刷新令牌:

public async Task CreateAsync(AuthenticationTokenCreateContext context)
{   
    var refreshTokenId = Guid.NewGuid().ToString("N");

    context.Ticket.Properties.IssuedUtc = token.IssuedAtUtc;
    //context.Ticket.Properties.ExpiresUtc = DateTime.UtcNow.AddMonths(1);

    // Persist created token

    context.SetToken(refreshTokenId);
}

如果我评论 //context.Ticket.Properties.ExpiresUtc = 行,我创建的刷新令牌永远不会过期(直到我删除 it/make 删除)是否正确?

By default 刷​​新令牌的 Ticket.Properties.ExpiresUtc 具有访问令牌的到期时间。

如果您希望刷新令牌不会过期,您需要在刷新令牌的提供程序创建方法中将 ExpiresUtc 设置为 null

context.Ticket.Properties.IssuedUtc = token.IssuedAtUtc;
context.Ticket.Properties.ExpiresUtc = null;

更新:

You can't 有没有过期时间的刷新令牌。否则你会得到 { "error": "invalid_grant" }.