Cannot get a new access token and refresh token using the refresh token in an Identity Server 3 implementation

Time: 2016-11-13 14:57:40

Tags: identityserver3 thinktecture-ident-server

I've been playing with Thinktecture's Identity Server, and now I'm running into some problems when trying to access the refresh token endpoint.

What I have is a handful of clients configured like this:

Authorization Code flow client:

new Client
{
    ClientId = "tripgalleryauthcode",
    ClientName = "Trip Gallery (Authorization Code)",
    Flow = Flows.AuthorizationCode,
    AllowAccessToAllScopes = true,
    RequireConsent = false,

    RedirectUris = new List<string>
    {
        "redirecturi"
    },

    ClientSecrets = new List<Secret>()
    {
        new Secret("somesecret".Sha256())
    }
}

Hybrid flow client:

new Client 
{
    ClientId = "tripgalleryhybrid",
    ClientName = "Tripgalleryhybrid (Hybrid)",
    Flow = Flows.Hybrid, 
    AllowAccessToAllScopes = true,

    RequireConsent = false,

    IdentityTokenLifetime = 10,
    AccessTokenLifetime = 120,

    // redirect = URI of the MVC application
    RedirectUris = new List<string>
    {
        "redirecturi"
    },

    // Needed when requesting refresh tokens
    ClientSecrets = new List<Secret>()
    {
        new Secret("somesecret".Sha256())
    },
    PostLogoutRedirectUris = new List<string>()
    {
        "postlogouturi"
    }
}

What I do is this: I have an ASP.NET MVC client that uses the hybrid flow. After authentication I receive an access token, a refresh token and a few other things.

What I'm trying to do is test the refresh token endpoint. The way I prepare my request is as follows:

I issue a POST request to: /identity/connect/revocation. In the request headers I have:

  • Content-Type: application/x-www-form-urlencoded
  • Authorization: Basic dHJpcGdhbGxlcnlhdXRoY29kZTpteXJhbmRvbWNsaWVudHNlY3JldA== (this is the base64-encoded clientid:clientsecret, which is my authorization code

In the request body I have: token=0a24f80dcc97a56ede0e7c04563a3493&token_type_hint=refresh_token

The token is the one I got after authenticating through the hybrid client.

When I fire the request it returns HTTP 200, but nothing is returned in the body. When I go to the Identity Server logs, this is what I see:

SnapshotHelper::TakeSnapshotTimerCallback
SnapshotHelper::TakeSnapshotInternal - no new files in CodeGen
w3wp.exe Warning: 0 : 2016-11-13 13:54:11.557 +00:00 [Warning] AuthorizationCodeStore not configured - falling back to InMemory
w3wp.exe Warning: 0 : 2016-11-13 13:54:11.620 +00:00 [Warning] TokenHandleStore not configured - falling back to InMemory
w3wp.exe Warning: 0 : 2016-11-13 13:54:11.620 +00:00 [Warning] ConsentStore not configured - falling back to InMemory
w3wp.exe Warning: 0 : 2016-11-13 13:54:11.620 +00:00 [Warning] RefreshTokenStore not configured - falling back to InMemory
w3wp.exe Information: 0 : 2016-11-13 13:54:12.356 +00:00 [Information] Start token revocation request
w3wp.exe Information: 0 : 2016-11-13 13:54:12.401 +00:00 [Information] Client secret id found: "tripgalleryauthcode"
w3wp.exe Information: 0 : 2016-11-13 13:54:12.401 +00:00 [Information] Client validation success
w3wp.exe Information: 0 : 2016-11-13 13:54:12.401 +00:00 [Information] End token revocation request

What I really expected was to get at least a new access token and a refresh token, but I got nothing. I guess I'm missing something in my client configuration, so I'd be glad if you could help me.

EDIT

I changed the endpoint to /identity/connect/token and the request body to: grant_type=refresh_token&token=635c7cbcfa1c0417b6d574ade388c0d8&token_type_hint=refresh_token, but still no success. Now my Identity Server log says:

SnapshotHelper::TakeSnapshotTimerCallback
SnapshotHelper::TakeSnapshotInternal - no new files in CodeGen
SnapshotHelper::TakeSnapshot time since last: 00:19:59.9992231
w3wp.exe Information: 0 : 2016-11-13 20:40:33.406 +00:00 [Information] Start token request
w3wp.exe Information: 0 : 2016-11-13 20:40:33.406 +00:00 [Information] Client secret id found: "tripgalleryauthcode"
w3wp.exe Information: 0 : 2016-11-13 20:40:33.406 +00:00 [Information] Client validation success
w3wp.exe Information: 0 : 2016-11-13 20:40:33.406 +00:00 [Information] Start token request validation
w3wp.exe Information: 0 : 2016-11-13 20:40:33.406 +00:00 [Information] Start validation of refresh token request
w3wp.exe Error: 0 : 2016-11-13 20:40:33.406 +00:00 [Error] "Refresh token is missing"
 "{
  \"ClientId\": \"tripgalleryauthcode\",
  \"ClientName\": \"Trip Gallery (Authorization Code)\",
  \"GrantType\": \"refresh_token\",
  \"Raw\": {
    \"grant_type\": \"refresh_token\",
    \"token\": \"635c7cbcfa1c0417b6d574ade388c0d8\",
    \"token_type_hint\": \"refresh_token\"
  }
}"
w3wp.exe Information: 0 : 2016-11-13 20:40:33.406 +00:00 [Information] End token request
w3wp.exe Information: 0 : 2016-11-13 20:40:33.406 +00:00 [Information] Returning error: invalid_request

SECOND EDIT:

According to the documentation posted here: Token Endpoint, and here: TokenRequest, and further resources related to this:

I believe it is correct. Unfortunately I'm still getting HTTP 400 from the identity server with the error message: error=invalid_grant. This makes me think I most likely need more configuration on my client. In some examples on the internet I can see the use of AbsoluteRefreshTokenLifetime, SlidingRefreshTokenLifetime, RefreshTokenUsage, RefreshTokenExpiration when configuring the client. Could you please at least point me in a direction?

SOLUTION:

What worked for me was adding these options to the client:

// refresh token options
AccessTokenType = AccessTokenType.Jwt,
AccessTokenLifetime = 3600,
RefreshTokenUsage = TokenUsage.ReUse,
RefreshTokenExpiration = TokenExpiration.Absolute,
AbsoluteRefreshTokenLifetime = 1296000

1 answer:

Answer 0 (score: 2)

You are using the revocation endpoint, which lets you destroy (aka "revoke") a token. To get a new access token using a refresh token you need the token endpoint with grant_type=refresh_token, as described in the docs: https://identityserver.github.io/Documentation/docsv2/endpoints/token.html
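A worked version of the exchange the answer describes, added here as an example (it is not the question's code and not IdentityServer3's own): a small Python toy that models the token and revocation endpoints just closely enough to reproduce each outcome in the question, plus the request the hybrid client should send. The client ids and the secret come from the question; the token handles, the "alice" subject, the in-memory store and the toy server logic are constructed for this example. The toy also refuses a refresh token presented by a client other than the one it was issued to, a standard invalid_grant reason under RFC 6749 section 5.2; the question's logs show the auth-code client's credentials being used for a token obtained through the hybrid client, but the page does not confirm that this was the cause of the 400.

```python
import base64
import hashlib
import secrets
from dataclasses import dataclass
from urllib.parse import parse_qs, urlencode

TOKEN_PATH = "/identity/connect/token"
REVOCATION_PATH = "/identity/connect/revocation"

def basic_auth_header(client_id: str, client_secret: str) -> str:
    """HTTP Basic client authentication: base64("client_id:client_secret")."""
    return "Basic " + base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()

def build_refresh_request(client_id: str, client_secret: str, refresh_token: str) -> dict:
    """The call the question should have made: token endpoint, grant_type=refresh_token, and
    the handle in 'refresh_token' ('token' is the revocation endpoint's parameter)."""
    return {"path": TOKEN_PATH,
            "headers": {"Content-Type": "application/x-www-form-urlencoded",
                        "Authorization": basic_auth_header(client_id, client_secret)},
            "body": urlencode({"grant_type": "refresh_token", "refresh_token": refresh_token})}

@dataclass
class Client:
    client_id: str
    secret_sha256: str                  # stored hashed, like new Secret("...".Sha256())
    access_token_lifetime: int = 120
    absolute_refresh_token_lifetime: int = 1296000   # TokenExpiration.Absolute, in seconds

class ToyTokenService:
    """Toy server (an assumption, not IdentityServer3 code) matching the question's logs: revocation
    gives 200 with an empty body, a missing 'refresh_token' is invalid_request, an unknown,
    expired or other-client refresh token is invalid_grant."""

    def __init__(self, clients):
        self.clients = {c.client_id: c for c in clients}
        self.refresh_tokens = {}        # handle -> (client_id, subject, issued_at)

    def issue_refresh_token(self, client_id: str, subject: str, now: int) -> str:
        handle = secrets.token_hex(16)  # opaque handle, like the ones in the question's logs
        self.refresh_tokens[handle] = (client_id, subject, now)
        return handle

    def _authenticate_client(self, headers: dict):
        auth = headers.get("Authorization", "")
        if not auth.startswith("Basic "):
            return None
        try:
            client_id, secret = base64.b64decode(auth[6:]).decode().split(":", 1)
        except (ValueError, UnicodeDecodeError):
            return None
        client = self.clients.get(client_id)
        digest = hashlib.sha256(secret.encode()).hexdigest()
        return client if client and secrets.compare_digest(digest, client.secret_sha256) else None

    def handle(self, path: str, headers: dict, body: str, now: int):
        client = self._authenticate_client(headers)
        if client is None:
            return 401, {"error": "invalid_client"}
        form = {k: v[0] for k, v in parse_qs(body).items()}
        if path == REVOCATION_PATH:
            # RFC 7009: drop the token, answer 200 with no body; an unknown token is not an error.
            handle = form.get("token", "")
            if self.refresh_tokens.get(handle, ("",))[0] == client.client_id:
                del self.refresh_tokens[handle]
            return 200, None
        if path != TOKEN_PATH or form.get("grant_type") != "refresh_token":
            return 400, {"error": "unsupported_grant_type"}
        handle = form.get("refresh_token")
        if not handle:
            return 400, {"error": "invalid_request"}   # the "Refresh token is missing" case
        entry = self.refresh_tokens.get(handle)
        if entry is None or entry[0] != client.client_id:
            return 400, {"error": "invalid_grant"}     # unknown, or issued to another client
        if now - entry[2] > client.absolute_refresh_token_lifetime:
            del self.refresh_tokens[handle]            # hard cut-off, enforced server-side
            return 400, {"error": "invalid_grant"}
        return 200, {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
                     "expires_in": client.access_token_lifetime, "refresh_token": handle}

def demo_exchange() -> dict:
    secret_hash = hashlib.sha256(b"somesecret").hexdigest()
    svc = ToyTokenService([Client("tripgalleryhybrid", secret_hash), Client("tripgalleryauthcode", secret_hash)])
    rt = svc.issue_refresh_token("tripgalleryhybrid", "alice", now=1000)   # constructed hybrid login
    authcode_hdr = {"Authorization": basic_auth_header("tripgalleryauthcode", "somesecret")}
    err = lambda status, payload: (status, (payload or {}).get("error"))
    out = {}
    # 1. First attempt: the revocation endpoint -> 200 and nothing back, as the first log shows.
    out["revocation"] = err(*svc.handle(REVOCATION_PATH, authcode_hdr, "token=notissued", now=1001))
    # 2. Edit 1: right endpoint, but the handle travels as 'token' -> "Refresh token is missing".
    body = urlencode({"grant_type": "refresh_token", "token": rt, "token_type_hint": "refresh_token"})
    out["wrong_parameter"] = err(*svc.handle(TOKEN_PATH, authcode_hdr, body, now=1002))
    # 3. Edit 2: right parameters, but the auth-code client presents a token issued to the hybrid client.
    body = urlencode({"grant_type": "refresh_token", "refresh_token": rt})
    out["foreign_client"] = err(*svc.handle(TOKEN_PATH, authcode_hdr, body, now=1003))
    # 4. Correct: the owning client uses build_refresh_request(); ReUse hands the same handle back.
    req = build_refresh_request("tripgalleryhybrid", "somesecret", rt)
    status, payload = svc.handle(req["path"], req["headers"], req["body"], now=1004)
    out["correct"] = (status, payload.get("refresh_token") == rt)
    # 5. Past AbsoluteRefreshTokenLifetime the same request is refused.
    out["expired"] = err(*svc.handle(req["path"], req["headers"], req["body"], now=1000 + 1296001))
    return out
```

Calling demo_exchange() walks through the question's three attempts and then the correct call, returning the status and error code for each step. Two server-side points the toy keeps deliberately: the client secret is stored hashed and compared in constant time, and the absolute refresh-token lifetime is enforced by the server from the token's issue time, never from anything the client sends.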