Dan*_*nce 3 oauth adfs oauth-2.0 adfs3.0
我将ADFS3 OAuth2配置为返回Refresh Tokens:
PS> Set-AdfsRelyingPartyTrust -TargetName "RPT Name" -IssueOAuthRefreshTokensTo AllDevices
PS> Set-AdfsRelyingPartyTrust -TargetName "RPT Name" -TokenLifetime 10
PS> Set-AdfsProperties -SSOLifetime 480
Access Token持续10分钟,Refresh Token持续480分钟.
然后我通过GETing生成一个访问令牌:
https://myadfsdomain/adfs/oauth/authorize
?response_type=code
&client_id=MYCLIENTID
&redirect_uri=https://myserver/callback
&resource=MYRelyingPartyId
并发布responseCodeEg:
$http({method: "post",
headers: {'Content-Type': 'application/x-www-form-urlencoded'},
url: "https://myadfsdomain/adfs/oauth2/token",
data: "client_id=MYCLIENTID&code=" + responseCode + "&redirect_uri=https://myserver/callback&grant_type=authorization_code" })
响应具有访问令牌,类型,过期时间和刷新令牌:
{"access_token":"blah...",
"token_type":"bearer",
"expires_in":600,
"refresh_token":"blahblah..."}
大.访问令牌现在有效,无论它配置多久(这里10分钟)
问题是,一旦该时间到期,我们如何使用它refresh_token来获取另一个访问令牌?IE:
refresh_token?刷新令牌授权类型也针对您用于交换授权代码的令牌端点执行.您应该根据RFC使用POST:https://tools.ietf.org/html/rfc6749#section-6并至少提供参数grant_type和refresh_token.一个例子,基于RFC中的一个:
POST /adfs/oauth2/token HTTP/1.1
Host: myadfsdomain
Content-Type: application/x-www-form-urlencoded
grant_type=refresh_token&refresh_token=<blahblah...>
| 归档时间: |
|
| 查看次数: |
4142 次 |
| 最近记录: |