
ASP.NET 5 OpenIdConnect Refresh_Token

I am trying to create a token together with a refresh_token.

Following this answer by @Shaun Luttin:

using System.Security.Claims;
using System.Threading.Tasks;
using AspNet.Security.OpenIdConnect.Extensions;
using AspNet.Security.OpenIdConnect.Server;
using Microsoft.AspNet.Authentication;

public sealed class AuthorizationProvider : OpenIdConnectServerProvider
{
    public override Task ValidateClientAuthentication(
        ValidateClientAuthenticationContext context)
    {
        // Since there's only one application and since it's a public client
        // (i.e a client that cannot keep its credentials private), call Skipped()
        // to inform the server the request should be accepted without
        // enforcing client authentication.
        context.Skipped();

        return Task.FromResult(0);
    }

    public override Task GrantResourceOwnerCredentials(
        GrantResourceOwnerCredentialsContext context)
    {
        // Validate the credentials here (e.g using ASP.NET Identity).
        // You can call Rejected() with an error code/description to reject
        // the request and return a message to the caller.

        var identity =
            new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme);
        identity.AddClaim(ClaimTypes.NameIdentifier, "todo");

        // By default, claims are not serialized in the access and identity tokens.
        // Use the overload taking a "destination" to make sure your claims
        // are correctly inserted in the appropriate tokens.
        identity.AddClaim("urn:customclaim", "value", "token id_token");

        var ticket = new AuthenticationTicket(
            new ClaimsPrincipal(identity),
            new AuthenticationProperties(),
            context.Options.AuthenticationScheme);

        // Call SetResources with the list of resource servers
        // the access token should be issued for.
        ticket.SetResources(new[] { "resource_server_1" });

        // Call SetScopes with the list of scopes you want to grant
        // (specify offline_access to issue a refresh token).
        ticket.SetScopes(new[] { "profile", "offline_access" });

        context.Validated(ticket);

        return Task.FromResult<object>(null);
    }
}

When I make a token request like this:

POST http://localhost:50000/connect/token HTTP/1.1
User-Agent: Fiddler
Host: localhost:50000
Content-Length: 61
Content-Type: application/x-www-form-urlencoded

grant_type=password&username=my_username&password=my_password

I get a token like this:

{ 
    "resource": "resource_server_1", 
    "scope": "profile offline_access", 
    "token_type": "bearer", 
    "access_token": "eyJh...W2rA", 
    "expires_in": "3600" 
} 

It works fine, but no refresh_token property is returned. How do I get it?

Answer


I don't know why, but for some reason manually specifying

ticket.SetScopes(new[] { "profile", "offline_access" }); 

doesn't work, so I removed that line and added the scope parameter to my request, and now I get a response with a refresh_token:

POST http://localhost:50000/connect/token HTTP/1.1 
User-Agent: Fiddler 
Host: localhost:50000 
Content-Length: 82
Content-Type: application/x-www-form-urlencoded

grant_type=password&username=my_username&password=my_password&scope=offline_access

So now the response is:

{
    "resource": "resource_server_1",
    "scope": "profile offline_access",
    "token_type": "bearer",
    "access_token": "eyJh...W2rA",
    "refresh_token": "CfDJ8OV0Bu....AoUWPE",
    "expires_in": "3600"
}

Yes, that's because in beta4, if the "offline_access" scope is not present in the token request, the scope is ignored (even if you explicitly grant it). That's something I relaxed in the beta5 nightly builds. – Pinpoint
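The behaviour the thread arrives at, as an added example that is not part of the original post or of the OpenIdConnect server library it discusses: a small in-memory stand-in for POST /connect/token that reproduces the rule from the comment above (the provider grants "profile" and "offline_access" on the ticket, but a refresh_token is only issued when the client's request carries scope=offline_access), plus the follow-up refresh_token grant the question never gets to. The user store, the resource name and the token format are constructed for the demo; refresh tokens are single use and kept hashed on the server side, which is this example's choice rather than anything the page states about the library.

```python
"""Password grant with and without scope=offline_access, then a refresh_token grant.

Added example (not the original post's code). The token endpoint below is a
constructed stand-in that mimics the observed beta4 behaviour: the granted
scopes are reported in the response either way, but a refresh_token is only
issued when the client asked for "offline_access" in the token request.
"""
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode

# Scopes the (hypothetical) provider puts on the ticket, mirroring
# ticket.SetScopes(new[] { "profile", "offline_access" }) in the question.
GRANTED_SCOPES = ("profile", "offline_access")
RESOURCE = "resource_server_1"

# Constructed credentials; a real server validates against ASP.NET Identity.
USERS = {"my_username": "my_password"}

# Server-side refresh token store: sha256(token) -> subject. Tokens are stored
# hashed so a leaked store cannot be replayed, and popped on use (rotation).
REFRESH_STORE = {}


def _new_token():
    return secrets.token_urlsafe(32)


def _hash(token):
    return hashlib.sha256(token.encode()).hexdigest()


def build_password_request(username, password, scope=None):
    """Body of the application/x-www-form-urlencoded password grant."""
    form = {"grant_type": "password", "username": username, "password": password}
    if scope:
        form["scope"] = scope  # e.g. "offline_access"
    return urlencode(form)


def build_refresh_request(refresh_token):
    """Body of the follow-up refresh_token grant."""
    return urlencode({"grant_type": "refresh_token", "refresh_token": refresh_token})


def token_endpoint(body):
    """Stand-in for POST /connect/token. Returns the JSON response as a dict."""
    form = {k: v[0] for k, v in parse_qs(body).items()}
    grant = form.get("grant_type")

    if grant == "password":
        if USERS.get(form.get("username")) != form.get("password"):
            return {"error": "invalid_grant"}
        subject = form["username"]
        requested = set(form.get("scope", "").split())
    elif grant == "refresh_token":
        # Single use: a presented refresh token is consumed even on success.
        subject = REFRESH_STORE.pop(_hash(form.get("refresh_token", "")), None)
        if subject is None:
            return {"error": "invalid_grant"}
        requested = set(GRANTED_SCOPES)  # the original grant carries over
    else:
        return {"error": "unsupported_grant_type"}

    response = {
        "resource": RESOURCE,
        "scope": " ".join(GRANTED_SCOPES),
        "token_type": "bearer",
        "access_token": _new_token(),
        "expires_in": 3600,
    }

    # The rule from the thread: offline_access has to be both granted by the
    # provider and present in the request before a refresh token is issued.
    if "offline_access" in GRANTED_SCOPES and "offline_access" in requested:
        refresh = _new_token()
        REFRESH_STORE[_hash(refresh)] = subject
        response["refresh_token"] = refresh
    return response


if __name__ == "__main__":
    print(token_endpoint(build_password_request("my_username", "my_password")))
    with_scope = token_endpoint(
        build_password_request("my_username", "my_password", "offline_access"))
    print(with_scope)
    print(token_endpoint(build_refresh_request(with_scope["refresh_token"])))
```

Run as a script, the first response reports "profile offline_access" yet carries no refresh_token, exactly as in the question; the second carries one, and presenting it to the refresh_token grant yields a fresh access_token and a rotated refresh_token while invalidating the old one.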