各個模式的accesstoken續期詳解
一些預備知識
jwt的時間格式
轉換為時間可以用js,
new Date(1531841745*1000)
==>Tue Jul 17 2018 23:35:45 GMT+0800 (中國標準時間)
關於Refresh token
refreshtoken僅僅在hybrid, authorization和ResourceOwnPassword三種模式中支持
通常在IdentityServer中,
如果客戶端是.net程序, 我們使用hybrid和ResourceOwnPassword授權
如果客戶端是純js程序, 那麽使用implicit授權.
需要加上offline_access的scope權限
如何理解offline_access
參考https://stackoverflow.com/questions/42162769/identity-server-4-angular-2-token-expiration
5down voteaccepted
I can recommend the library for managing token for the javascript application:https://github.com/IdentityModel/oidc-client-js
You‘ve correctly used the implicit flow for SPA - here is the description about which flow is right one - https://leastprivilege.com/2016/01/17/which-openid-connectoauth-2-o-flow-is-the-right-one/
Oidc-client
provides great feature calledautomaticSilentRenew
- check the docs. There is the timer on the background and handle an event before token expiration and using hidden iframe for getting new access token.(看起來好像是這個js框架會自動使用iframe在授權到期的時候自己去idsv刷新token)Example for
Angular2
andoidc-client
: https://github.com/jmurphzyo/Angular2OidcClientVideo with overview for authentication and authorization in JavaScript web applications using IdentityServer - https://vimeo.com/131636653
實戰一, mvc客戶端使用ResourceOwnPassword, 如何管理accesstoken續期
實戰二, js客戶端的續期
實戰三, mvc客戶端使用hybrid, 如何管理續期
各個模式的accesstoken續期詳解