我已使用和使用"Microsoft.AspNetCore.Authentication.OpenIdConnect":"1.0.0和"Microsoft.AspNetCore.Authentication.Cookies":"1.0.0"的asp.net核心mvc应用程序配置了ASOS OpenIdConnect服务器.我已经测试了"授权代码"工作流程,一切正常.
客户端Web应用程序按预期处理身份验证,并创建一个存储id_token,access_token和refresh_token的cookie.
如何强制Microsoft.AspNetCore.Authentication.OpenIdConnect在过期时请求新的access_token?
asp.net核心mvc应用程序忽略过期的access_token.
我想让openidconnect看到过期的access_token然后使用刷新令牌进行调用以获得新的access_token.它还应该更新cookie值.如果刷新令牌请求失败,我希望openidconnect"注销"cookie(删除它或其他东西).
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AutomaticAuthenticate = true,
AutomaticChallenge = true,
AuthenticationScheme = "Cookies"
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
ClientId = "myClient",
ClientSecret = "secret_secret_secret",
PostLogoutRedirectUri = "http://localhost:27933/",
RequireHttpsMetadata = false,
GetClaimsFromUserInfoEndpoint = true,
SaveTokens = true,
ResponseType = OpenIdConnectResponseType.Code,
AuthenticationMethod = OpenIdConnectRedirectBehavior.RedirectGet,
Authority = http://localhost:27933,
MetadataAddress = "http://localhost:27933/connect/config",
Scope = { "email", "roles", "offline_access" },
});