通过阅读 stackoverflow 上的其他帖子,我整理出了一段简单的示例代码,它可以创建一个承载令牌(bearer token),并通过刷新令牌请求新的访问令牌.
启动类看起来像这样
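public class Startup
{
    /// <summary>
    /// Registers the OAuth bearer middleware and the authorization server that issues tokens at /Token.
    /// </summary>
    /// <param name="app">The OWIN application builder the middleware is added to.</param>
    public static void Configuration(IAppBuilder app)
    {
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());

        app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
        {
            TokenEndpointPath = new PathString("/Token"),
            Provider = new OAuthAuthorizationServerProvider
            {
                // Every client is accepted: no client id/secret is checked in this sample.
                OnValidateClientAuthentication = async c =>
                {
                    c.Validated();
                },
                OnGrantResourceOwnerCredentials = async c =>
                {
                    // Sample-only credentials; a real deployment must verify a password hash from a user store.
                    if (c.UserName == "alice" && c.Password == "supersecret")
                    {
                        var identity = new ClaimsIdentity(
                            new[] { new Claim(ClaimTypes.Name, c.UserName) },
                            OAuthDefaults.AuthenticationType);
                        c.Validated(identity);
                    }
                    else
                    {
                        // Report the failure explicitly rather than leaving the context unvalidated.
                        c.SetError("invalid_grant", "The user name or password is incorrect.");
                    }
                }
            },
            AccessTokenExpireTimeSpan = TimeSpan.FromSeconds(40),
            // Tokens are bearer credentials; plain HTTP is acceptable only for local development.
            AllowInsecureHttp = true,
            RefreshTokenProvider = new ApplicationRefreshTokenProvider()
        });
    }
}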
我还有一个刷新令牌类,如下所示:
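public class ApplicationRefreshTokenProvider : AuthenticationTokenProvider
{
    /// <summary>Lifetime of an issued refresh token, in seconds.</summary>
    private const int RefreshTokenLifetimeSeconds = 2 * 60;

    /// <summary>
    /// Issues a refresh token by serializing the grant's authentication ticket with an extended expiry.
    /// </summary>
    /// <param name="context">Carries the ticket produced by the grant and receives the token string.</param>
    /// <remarks>
    /// The token is the protected ticket itself; nothing is persisted or tracked here, so this sample
    /// has no way to revoke a refresh token before its expiry.
    /// </remarks>
    public override void Create(AuthenticationTokenCreateContext context)
    {
        // ExpiresUtc is an absolute instant: take it from UtcNow instead of converting local time.
        context.Ticket.Properties.ExpiresUtc = DateTimeOffset.UtcNow.AddSeconds(RefreshTokenLifetimeSeconds);
        context.SetToken(context.SerializeTicket());
    }

    /// <summary>
    /// Turns a presented refresh token back into its authentication ticket.
    /// </summary>
    /// <param name="context">Holds the raw token string and receives the deserialized ticket.</param>
    public override void Receive(AuthenticationTokenReceiveContext context)
    {
        // Unprotects the token into context.Ticket; presumably no ticket is set when unprotection fails — verify against the middleware.
        context.DeserializeTicket(context.Token);
    }
}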
按我的理解,提供刷新令牌后应该得到一个新的访问令牌.但这段代码的实际行为是,当我提供一个刷新令牌时,也会创建并返回一个新的刷新令牌.我希望在第一次提供用户名/密码时同时创建访问令牌和刷新令牌,但每次用刷新令牌请求新访问令牌时都再创建一个新的刷新令牌,这似乎不太对?
例如,按照我的代码,如果访问令牌的有效期是20分钟,刷新令牌的有效期是两周,那么每20分钟就可以创建一个新的访问令牌,这很好;但在这两周里,每20分钟也会创建一个新的刷新令牌,结果会产生大量从未使用的刷新令牌.
问题:
我几个小时前才开始阅读/了解这方面的内容,所以不太确定:这是正确的行为吗?还是应该修改代码,使得在提供刷新令牌时只创建并返回一个新的访问令牌,而不是再创建并返回一个新的刷新令牌?任何帮助或意见都非常感谢,谢谢!
由于还没有人回答,我把自己的做法贴出来,它实现了我想要的效果,所以我暂时接受这个答案。
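public class Startup
{
    /// <summary>
    /// Registers the OAuth bearer middleware and the authorization server that issues tokens at /Token.
    /// The identity issued on a password grant carries a "creationDate" claim that the refresh token
    /// provider later uses to decide whether a new refresh token may be issued.
    /// </summary>
    /// <param name="app">The OWIN application builder the middleware is added to.</param>
    public static void Configuration(IAppBuilder app)
    {
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());

        app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
        {
            TokenEndpointPath = new PathString("/Token"),
            Provider = new OAuthAuthorizationServerProvider
            {
                // Every client is accepted: no client id/secret is checked in this sample.
                OnValidateClientAuthentication = async c =>
                {
                    c.Validated();
                },
                OnGrantResourceOwnerCredentials = async c =>
                {
                    // "s" (sortable, ISO 8601 without zone) is culture-invariant, unlike the default ToString().
                    string creationDate = DateTime.UtcNow.ToString("s");

                    // Sample-only credentials; a real deployment must verify a password hash from a user store.
                    if (c.UserName == "alice" && c.Password == "supersecret")
                    {
                        var identity = new ClaimsIdentity(
                            new[] { new Claim(ClaimTypes.Name, c.UserName) },
                            OAuthDefaults.AuthenticationType);

                        // Records when the credentials were presented; the claim travels with the ticket on each refresh.
                        identity.AddClaim(new Claim("creationDate", creationDate));
                        c.Validated(identity);
                    }
                    else
                    {
                        // Report the failure explicitly rather than leaving the context unvalidated.
                        c.SetError("invalid_grant", "The user name or password is incorrect.");
                    }
                }
            },
            AccessTokenExpireTimeSpan = TimeSpan.FromSeconds(40),
            // Tokens are bearer credentials; plain HTTP is acceptable only for local development.
            AllowInsecureHttp = true,
            RefreshTokenProvider = new ApplicationRefreshTokenProvider()
        });
    }
}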
在 ApplicationRefreshTokenProvider 中我做了这些更改
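public class ApplicationRefreshTokenProvider : AuthenticationTokenProvider
{
    /// <summary>Claim type that records when the credentials were originally presented.</summary>
    private const string CreationDateClaimType = "creationDate";

    /// <summary>Window after the original login during which a new refresh token may still be issued, in seconds.</summary>
    private const int RefreshWindowSeconds = 30;

    /// <summary>Lifetime of an issued refresh token, in seconds.</summary>
    private const int RefreshTokenLifetimeSeconds = 2 * 60;

    /// <summary>
    /// Issues a refresh token only while the ticket is within <see cref="RefreshWindowSeconds"/> of its
    /// recorded creation date. Later refresh-token grants still get a new access token, but no new
    /// refresh token, because <c>SetToken</c> is not called.
    /// </summary>
    /// <param name="context">Carries the ticket produced by the grant and receives the token string.</param>
    public override void Create(AuthenticationTokenCreateContext context)
    {
        // The claim is added by OnGrantResourceOwnerCredentials and carried over on each refresh.
        var creationClaim = context.Ticket.Identity.FindFirst(CreationDateClaimType);
        DateTime creationDate;
        if (creationClaim == null || !DateTime.TryParse(creationClaim.Value, out creationDate))
        {
            // Fail closed: a ticket without a usable creation date gets no refresh token.
            return;
        }

        // Comparison is on the UTC wall clock; the claim value carries no zone, so Kind is irrelevant here.
        DateTime windowStart = DateTime.UtcNow.AddSeconds(-RefreshWindowSeconds);
        if (windowStart < creationDate)
        {
            context.Ticket.Properties.ExpiresUtc = DateTimeOffset.UtcNow.AddSeconds(RefreshTokenLifetimeSeconds);
            context.SetToken(context.SerializeTicket());
        }
    }

    /// <summary>
    /// Turns a presented refresh token back into its authentication ticket.
    /// </summary>
    /// <param name="context">Holds the raw token string and receives the deserialized ticket.</param>
    public override void Receive(AuthenticationTokenReceiveContext context)
    {
        context.DeserializeTicket(context.Token);
    }
}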