【问题标题】:Setting new access_token in current HttpContext session在当前 HttpContext 会话中设置新的 access_token
【发布时间】:2018-04-21 08:10:43
【问题描述】:

你好。我正在使用 Identity Server 4 实现令牌提供程序,并希望将我的客户端应用程序提供给用户 Refresh Tokens

通过以下代码,我可以成功请求一对新的 access_tokenrefresh_token 并正确调用 API

public async Task<IActionResult> CallApiUsingUserRefreshToken()
{
   var oldAccessToken = await HttpContext.GetTokenAsync("access_token");
   var oldRefreshToken = await HttpContext.GetTokenAsync("refresh_token");

   var tokenClient = new TokenClient("http://localhost:5000/connect/token", "mvc", "secret");
   var newToken = await tokenClient.RequestRefreshTokenAsync(oldRefreshToken);

   var client = new HttpClient();
   client.SetBearerToken(newToken.AccessToken);
   var content = await client.GetStringAsync("http://localhost:5001/identity");

   ViewBag.Json = JArray.Parse(content).ToString();
   return View("json");
}

现在的问题是,如何将这对新配对存储在会话 cookie 中? 所以下次我使用这种方法时,我会使用 await HttpContext.GetTokenAsync("access_token") 我得到我最新的令牌


示例

第一次请求CallApiUsingUserRefreshToken()

旧的 access_token eyJhbGciOiJSUzI1NiIsImtpZCI6IjY5YTA1ZDE5NTZiNjM1YTI5OTRkN2Q4MmUzOTVlZDNlIiwidHlwIjoiSldUIn0.eyJuYmYiOjE1MTAxNTA4ODIsImV4cCI6MTUxMDE1MDkxMiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAwIiwiYXVkIjpbImh0dHA6Ly9sb2NhbGhvc3Q6NTAwMC9yZXNvdXJjZXMiLCJhcGkxIl0sImNsaWVudF9pZCI6Im12YyIsInN1YiI6IjY2MzQyOWUzLTIwNTYtNDg1OC1iN2RhLThmYjhiMDI4YTEyZiIsImF1dGhfdGltZSI6MTUxMDE1MDg4MCwiaWRwIjoibG9jYWwiLCJzY29wZSI6WyJvcGVuaWQiLCJwcm9maWxlIiwiYXBpMSIsIm9mZmxpbmVfYWNjZXNzIl0sImFtciI6WyJwd2QiXX0.JJ4LhrEY05Z0CMKp9V81ur2ufZZSCmE2M0ACKsfqIMrq84eFg2IHu5RlbL7Tn4nD6TQj-6aLvhmJ0RunFOp4t1Sx-Qq_tgAsue5d5hEMZH-XK-gdf5wR94uNJX1imMSDsqD4C_IOiebeoAHHxGj39vHQvvQrZMeKsX1_o7h5XteCBfB51PclYycBZsu5iDV-EbbQaXCSjNlmWifYyCN52pwDeLcKLJp6rjEy765SJ50C8Zymuwjj7PHgvway_Sr5W0F-oNkUO-wqy60sFPaK3D62KuUpSIKVUUh4B164jkpUY0NiJefDAHogVTcSBsRbeJj6m6oiBGzKxx5JCCBB2g P>

旧的 refresh_token 981eb24796cf0bf191f0845cb82a708420683de3bc5f7e4c07859287587bc43c

新的 access_token eyJhbGciOiJSUzI1NiIsImtpZCI6IjY5YTA1ZDE5NTZiNjM1YTI5OTRkN2Q4MmUzOTVlZDNlIiwidHlwIjoiSldUIn0.eyJuYmYiOjE1MTAxNTMwMDUsImV4cCI6MTUxMDE1MzAzNSwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAwIiwiYXVkIjpbImh0dHA6Ly9sb2NhbGhvc3Q6NTAwMC9yZXNvdXJjZXMiLCJhcGkxIl0sImNsaWVudF9pZCI6Im12YyIsInN1YiI6IjY2MzQyOWUzLTIwNTYtNDg1OC1iN2RhLThmYjhiMDI4YTEyZiIsImF1dGhfdGltZSI6MTUxMDE1MDg4MCwiaWRwIjoibG9jYWwiLCJzY29wZSI6WyJvcGVuaWQiLCJwcm9maWxlIiwiYXBpMSIsIm9mZmxpbmVfYWNjZXNzIl0sImFtciI6WyJwd2QiXX0.N3cKXJSgLip_6TP-c9WIJsR6vsOMthBr7ORgio02KUQe1C6KqF1dBCGTm7T43LY9UpRPFGRMj5o4Wf2NyAkd7PkmHAJio4dh-1L0ivNuXbLo7jbfC5svhN4FszmDQPBMS_uidXRXZ5Cqe47TD-kTgMWGijXkXmPRXYu_rA181tbM8uPWJZtDlagQ_exFC1ZS_0gaNzJ7b6_d7eGV5tI6o31VBZXoPIwA1mT56hL-UO9PvEKs6RhGCAfelo0KKKrZ8eNeozTNPzXwCUYYyW3fsUmuKL8rtDqJIPiyH9gyzxWZeG0xkGlozSsgvPLtLvuA7nB0sqtko7Kpgl_8ECXKRQ P>

新的 refres_token 19a81ad1d0a4ef9ebe31a84b2313a1e8c372a3cfb1d2a482e13112576ab5c03a

第二次请求CallApiUsingUserRefreshToken()

旧的 access_token eyJhbGciOiJSUzI1NiIsImtpZCI6IjY5YTA1ZDE5NTZiNjM1YTI5OTRkN2Q4MmUzOTVlZDNlIiwidHlwIjoiSldUIn0.eyJuYmYiOjE1MTAxNTA4ODIsImV4cCI6MTUxMDE1MDkxMiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAwIiwiYXVkIjpbImh0dHA6Ly9sb2NhbGhvc3Q6NTAwMC9yZXNvdXJjZXMiLCJhcGkxIl0sImNsaWVudF9pZCI6Im12YyIsInN1YiI6IjY2MzQyOWUzLTIwNTYtNDg1OC1iN2RhLThmYjhiMDI4YTEyZiIsImF1dGhfdGltZSI6MTUxMDE1MDg4MCwiaWRwIjoibG9jYWwiLCJzY29wZSI6WyJvcGVuaWQiLCJwcm9maWxlIiwiYXBpMSIsIm9mZmxpbmVfYWNjZXNzIl0sImFtciI6WyJwd2QiXX0.JJ4LhrEY05Z0CMKp9V81ur2ufZZSCmE2M0ACKsfqIMrq84eFg2IHu5RlbL7Tn4nD6TQj-6aLvhmJ0RunFOp4t1Sx-Qq_tgAsue5d5hEMZH-XK-gdf5wR94uNJX1imMSDsqD4C_IOiebeoAHHxGj39vHQvvQrZMeKsX1_o7h5XteCBfB51PclYycBZsu5iDV-EbbQaXCSjNlmWifYyCN52pwDeLcKLJp6rjEy765SJ50C8Zymuwjj7PHgvway_Sr5W0F-oNkUO-wqy60sFPaK3D62KuUpSIKVUUh4B164jkpUY0NiJefDAHogVTcSBsRbeJj6m6oiBGzKxx5JCCBB2g P>

旧的 refresh_token 981eb24796cf0bf191f0845cb82a708420683de3bc5f7e4c07859287587bc43c

新的 access_token eyJhbGciOiJSUzI1NiIsImtpZCI6IjY5YTA1ZDE5NTZiNjM1YTI5OTRkN2Q4MmUzOTVlZDNlIiwidHlwIjoiSldUIn0.eyJuYmYiOjE1MTAxNTMwMTQsImV4cCI6MTUxMDE1MzA0NCwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAwIiwiYXVkIjpbImh0dHA6Ly9sb2NhbGhvc3Q6NTAwMC9yZXNvdXJjZXMiLCJhcGkxIl0sImNsaWVudF9pZCI6Im12YyIsInN1YiI6IjY2MzQyOWUzLTIwNTYtNDg1OC1iN2RhLThmYjhiMDI4YTEyZiIsImF1dGhfdGltZSI6MTUxMDE1MDg4MCwiaWRwIjoibG9jYWwiLCJzY29wZSI6WyJvcGVuaWQiLCJwcm9maWxlIiwiYXBpMSIsIm9mZmxpbmVfYWNjZXNzIl0sImFtciI6WyJwd2QiXX0.AMV5DblN48MxvWm4qbMNcAgGYTYGb0Rz-LAMX2-jAGtQhkis8tauWfpugm0aU_tCbwn6ktUQN1UepBCLpVe9qAo1hC4E_YDrhqxEKCrJK3NhWEYloNMAxFUJVak2rRO81gjH7zHZ-HvdxZaSzG2CGpkKOZKbnCuPSkXbUr_dgAulKH7Ul2hunqH9dCbX-BE9X7-ZjO6cXm8tZHOdRJBm7NsEvVo1bbSaTx4uEX0HDEX01uQAiUx6fz2j4Exp5A9CdlQhkqH4h5hSP3D3XvtH9wpRpD-kWlMRMxSwXeJ7P0OQMn04WOM-sGFXQFfUHwKxvSuMxcOx1MzUJF5-1W-KFG P>

新的 refres_token 9b0130de391db80b5b7499f18297b84af79a4f6ef423fdd85fb4e7f487611562

我正在研究如何从第一个请求中设置 new access_tokenrefresh_token,然后在第二个请求中使用。

【问题讨论】:

    标签: c# oauth-2.0 token identityserver4


    【解决方案1】:

    终于明白了。

    对于任何想要在 .Net 身份验证 Cookie 中更新其当前令牌的人,您应该使用 Microsoft 身份验证包中提供的 TokenStore

    var auth = await HttpContext.AuthenticateAsync("Cookies");
    auth.Properties.StoreTokens(new List<AuthenticationToken>()
    {
        new AuthenticationToken()
        {
            Name = OpenIdConnectParameterNames.AccessToken,
            Value = newToken.AccessToken
        },
        new AuthenticationToken()
        {
            Name = OpenIdConnectParameterNames.RefreshToken,
            Value = newToken.RefreshToken
        }
    });
    
    await HttpContext.SignInAsync(auth.Principal, auth.Properties);
    

    这将覆盖会话中的 access_tokenrefres_token,在执行 HttpContext.SignInAsync 时,这是针对 .Net Core 2.0

    【讨论】:

      【解决方案2】:

      在 ASP.NET Core 2.2 中,您可以使用以下内容来更新而不是替换令牌。

      var auth = await HttpContext.AuthenticateAsync(AuthenticationScheme.Cookie)
                                  .ConfigureAwait(false);
      
      auth.Properties.UpdateTokenValue(OpenIdConnectParameterNames.AccessToken,
                                       newToken.AccessToken);
      auth.Properties.UpdateTokenValue(OpenIdConnectParameterNames.RefreshToken, 
                                       newToken.RefreshToken);
      
      await HttpContext.SignInAsync(auth.Principal, auth.Properties)
                       .ConfigureAwait(false);
      

      这样,如果 cookie 包含其他令牌,例如 id_token,它仍然可用。

      【讨论】:

        猜你喜欢
        • 2010-11-25
        • 1970-01-01
        • 1970-01-01
        • 1970-01-01
        • 2018-09-07
        • 1970-01-01
        • 2023-03-08
        • 1970-01-01
        • 2017-10-12
        相关资源
        最近更新 更多