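There is no built-in system to refresh the access_token. However, you can use the IdentityModel package to request a new access_token with a refresh_token.

The Client has a property AllowOfflineAccess, which you should set to true in IdentityServer. Note that this does not work for the implicit/client credentials flow.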
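
- Always refresh the access_token before making the call to the protected resource
- Check whether the current access_token is about to expire by checking its lifetime, and request a new access_token with the refresh_token (personal preference)
- Wait for the API to return a 401 and request a new access_token with the refresh_token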

Before this code, you can check the access_token lifetime and/or request a new access_token.

    // Namespaces this snippet relies on.
    using System;
    using System.Collections.Generic;
    using System.Globalization;
    using IdentityModel.Client;
    using Microsoft.AspNetCore.Authentication;
    using Microsoft.IdentityModel.Protocols.OpenIdConnect;

    // Look up the token endpoint from the IdentityServer discovery document.
    var discoveryResponse = await DiscoveryClient.GetAsync("IdentityServer url");
    if (discoveryResponse.IsError)
    {
        throw new Exception(discoveryResponse.Error);
    }

    var tokenClient = new TokenClient(discoveryResponse.TokenEndpoint, "ClientId", "ClientSecret");

    // This will request a new access_token and a new refresh token.
    var tokenResponse = await tokenClient.RequestRefreshTokenAsync(await httpContext.Authentication.GetTokenAsync("refresh_token"));
    if (tokenResponse.IsError)
    {
        // Handle error.
    }

    // The id_token is not reissued by a refresh, so the existing one is kept.
    var oldIdToken = await httpContext.Authentication.GetTokenAsync("id_token");

    var tokens = new List<AuthenticationToken>
    {
        new AuthenticationToken
        {
            Name = OpenIdConnectParameterNames.IdToken,
            Value = oldIdToken
        },
        new AuthenticationToken
        {
            Name = OpenIdConnectParameterNames.AccessToken,
            Value = tokenResponse.AccessToken
        },
        new AuthenticationToken
        {
            Name = OpenIdConnectParameterNames.RefreshToken,
            Value = tokenResponse.RefreshToken
        }
    };

    // Store the new expiry time in round-trip ("o") format.
    var expiresAt = DateTime.UtcNow.AddSeconds(tokenResponse.ExpiresIn);
    tokens.Add(new AuthenticationToken
    {
        Name = "expires_at",
        Value = expiresAt.ToString("o", CultureInfo.InvariantCulture)
    });

    // Sign in the user with a new refresh_token and new access_token.
    var info = await httpContext.Authentication.GetAuthenticateInfoAsync("Cookies");
    info.Properties.StoreTokens(tokens);
    await httpContext.Authentication.SignInAsync("Cookies", info.Principal, info.Properties);

Copied and slightly modified from the following source, before wrapping this code in a service: Source

Great. Thanks. This works.
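
The second option in the answer's list (checking the access_token lifetime before calling the protected resource) can be built on the expires_at value that the answer's code stores with the cookie. The following is an added example, not part of the original answer or of IdentityModel; the class and method names, the 60-second skew and the sample timestamps are assumptions.

```csharp
using System;
using System.Globalization;

// Hypothetical helper; not part of IdentityModel or IdentityServer.
public static class AccessTokenLifetime
{
    // expiresAt is the stored "expires_at" token value, written by the answer's
    // code with ToString("o", CultureInfo.InvariantCulture).
    // In the web application it would come from
    // httpContext.Authentication.GetTokenAsync("expires_at"), with utcNow = DateTime.UtcNow.
    public static bool NeedsRefresh(string expiresAt, DateTime utcNow, TimeSpan skew)
    {
        DateTime expiry;
        // Fail closed: a missing or malformed value is treated as expired, so the
        // caller refreshes instead of sending a token of unknown age.
        if (string.IsNullOrEmpty(expiresAt) ||
            !DateTime.TryParseExact(expiresAt, "o", CultureInfo.InvariantCulture,
                                    DateTimeStyles.RoundtripKind, out expiry))
        {
            return true;
        }

        // Refresh slightly early to absorb clock drift and request latency.
        // ToUniversalTime() leaves a UTC ("Z") value as it is.
        return expiry.ToUniversalTime() - skew <= utcNow;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample values, not taken from a real session.
        var skew = TimeSpan.FromSeconds(60);
        var now = new DateTime(2024, 1, 1, 12, 0, 0, DateTimeKind.Utc);
        string fresh = now.AddMinutes(30).ToString("o", CultureInfo.InvariantCulture);
        string closeToExpiry = now.AddSeconds(20).ToString("o", CultureInfo.InvariantCulture);

        Console.WriteLine("fresh token:       " + AccessTokenLifetime.NeedsRefresh(fresh, now, skew));
        Console.WriteLine("20 s remaining:    " + AccessTokenLifetime.NeedsRefresh(closeToExpiry, now, skew));
        Console.WriteLine("missing value:     " + AccessTokenLifetime.NeedsRefresh(null, now, skew));
        Console.WriteLine("malformed value:   " + AccessTokenLifetime.NeedsRefresh("not-a-date", now, skew));
    }
}
```

When NeedsRefresh returns true, the refresh code from the answer runs before the call to the protected resource.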