IdentityServer4 Reference Token 刷新token Postman截图

已于 2023-02-13 09:42:44 修改
阅读量2.2k 收藏 2
点赞数
分类专栏: .NET Core 文章标签: postman java 测试工具
于 2019-12-25 11:42:57 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/KingCruel/article/details/103696371
版权

.NET Core OAuth IdentityServer4 Token    
OAuth 身份认证 IdentityServer4  
IdentityServer4 1.0.0 documentation(官网)    
IdentityServer4 中文文档(v1.0.0) 第一部分 简介、第二部分 快速入门、第三部分 主题、第四部分 参考、第五部分 端点、第六部分 其它  

当使用 Reference Token 的时候,服务端会对 Token 进行持久化,当客户端请求资源服务器(API)的时候,资源服务器需要每次都去服务通信去验证 Token 的合法性[/connect/introspect],IdentityServer4.AccessTokenValidation 中间件中可以配置缓存一定的时候去验证,并且 Token 是支持撤销[/connect/revocation]的,登录注销[/connect/endsession]

How can we revoke an access token
1、Open the IdentityServerWithAspIdAndEF project, specify the AccessTokenType Property of the Client:
     指定客户端的AccessTokenType属性,AccessTokenType = AccessTokenType.Reference
2、Specify the ApiSecrets property of the ApiResource.
     指定ApiResource的ApiSecrets属性
3、Open the Api project, update the token validation configuration. Specify the ApiSecret we configured before.
     打开Api项目,更新令牌验证配置。指定我们之前配置的apisecrite。

注意 ApiResource 赋值,ApiResource 推荐使用构造函数赋值,不推荐使用“属性”赋值
推荐

public static IEnumerable<ApiResource> GetApiResources()
{
    return new List<ApiResource>
    {
        new ApiResource("ClientService", "CAS Client Service")
        {
            ApiSecrets = { new Secret("ClientSecret".Sha256()) }
        }
    };
}

不推荐

public static IEnumerable<ApiResource> GetApiResources()
{
    return new List<ApiResource>
    {
        new ApiResource
        {
            Name = "CustomAPI",
            DisplayName = "Custom API",
            Description = "Custom API Access",
            UserClaims = new List<string> {"role"},
            ApiSecrets = new List<Secret> {new Secret("scopeSecret".Sha256())}
        }
    };
}

*
1、Startup.cs

using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

namespace AuthService
{
    public class Startup
    {
        public Startup(IConfiguration configuration, IWebHostEnvironment env)
        {
            Configuration = configuration;

            var builder = new ConfigurationBuilder()
               .SetBasePath(env.ContentRootPath)
               .AddJsonFile("appsettings.json", optional: true, reloadOnChange: true)
               .AddJsonFile($"appsettings.{env.EnvironmentName}.json", optional: true)
               .AddEnvironmentVariables();
            Configuration = builder.Build();
        }

        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            string dbType = Configuration["DbSql:DbType"];
            switch (dbType)
            {
                case "SqlServer":
                    //services.AddSingleton(Configuration.GetConnectionString("DefaultConnection"));
                    services.AddSingleton(Configuration["DbSql:SqlServerConnection"]);
                    break;
                case "Oracle":
                    services.AddSingleton(Configuration["DbSql:OracleConnection"]);
                    break;
                case "MySql":
                    services.AddSingleton(Configuration["DbSql:MySqlConnection"]);
                    break;
                default:
                    break;
            }
            services.AddSingleton<IDbConnection, SqlConnection>();
            services.AddSingleton<IUserRepository, UserRepository>();

            services.AddIdentityServer()
                 .AddDeveloperSigningCredential()
                 .AddInMemoryClients(Security.Clients.GetClients())
                 .AddInMemoryIdentityResources(Security.IdentityConfig.GetIdentityResources())
                 .AddInMemoryApiResources(Security.IdentityConfig.GetResources())
                 .AddProfileService<Security.ProfileService>()
                 .AddResourceOwnerValidator<Security.ResourceOwnerPasswordValidator>();

            services.AddControllers();           
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else 
            {
                app.UseExceptionHandler("/Home/Error");
                app.UseHsts();
            }

            app.UseHttpsRedirection();
            app.UseRouting();
            app.UseIdentityServer();
            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllers();
            });
        }
    }
}

2、Clients.cs(Client)

using AuthService.CoreLibrary;
using IdentityServer4;
using IdentityServer4.Models;
using Microsoft.Extensions.Configuration;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

namespace AuthService.Security
{
    public class Clients
    {
        public static IEnumerable<Client> GetClients()
        {
            return new List<Client>
            {
                new Client
                {
                    ClientId = ConfigManager.Configuration["IdentityAuthentication:ClientId"],
                    ClientName = ConfigManager.Configuration["IdentityAuthentication:ClientName"],
                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                    AccessTokenType = AccessTokenType.Reference,
                    AccessTokenLifetime = Convert.ToInt32(ConfigManager.Configuration["IdentityAuthentication:AccessTokenLifetime"]),
                    AbsoluteRefreshTokenLifetime =  Convert.ToInt32(ConfigManager.Configuration["IdentityAuthentication:AbsoluteRefreshTokenLifetime"]),//30*24*60*60
                    SlidingRefreshTokenLifetime = Convert.ToInt32(ConfigManager.Configuration["IdentityAuthentication:AbsoluteRefreshTokenLifetime"]),//5*60,
                    RefreshTokenExpiration = TokenExpiration.Sliding,//Absolute固定周期和Sliding滑动周期,前者到指定时间就会过期,后者则每次刷新Token时会延期
                    UpdateAccessTokenClaimsOnRefresh = true,
                    AllowOfflineAccess = true,
                    //AllowedCorsOrigins = { "http://localhost:5003","http://localhost:5005" },
                    ClientSecrets = { new Secret(ConfigManager.Configuration["IdentityAuthentication:Secret"].Sha256()) },
                    AllowedScopes =
                    {
                        ConfigManager.Configuration["IdentityAuthentication:Scope"],
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        IdentityServerConstants.StandardScopes.OfflineAccess,
                    },
                }
            };
        }
    }
}

*
3、IdentityConfig.cs(ApiResource)

using AuthService.CoreLibrary;
using IdentityServer4.Models;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

namespace AuthService.Security
{
    public class IdentityConfig
    {
        public static IEnumerable<ApiResource> GetResources()
        {
            return new List<ApiResource>
            {
                new ApiResource(ConfigManager.Configuration["IdentityAuthentication:Scope"],ConfigManager.Configuration["IdentityAuthentication:ClientName"])
                {
                    ApiSecrets = { new Secret(ConfigManager.Configuration["IdentityAuthentication:Secret"].Sha256()) }
                }
            };
        }

        public static IEnumerable<IdentityResource> GetIdentityResources()
        {
            return new IdentityResource[]
            {
                new IdentityResources.OpenId(),
                new IdentityResources.Profile(),
            };
        }
    }
}

4、ResourceOwnerPasswordValidator.cs()

using IdentityModel;
using IdentityServer4.Models;
using IdentityServer4.Stores;
using IdentityServer4.Validation;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;

namespace AuthService.Security
{
    public class ResourceOwnerPasswordValidator : IResourceOwnerPasswordValidator
    {
        string device_id = string.Empty;
        private readonly IReferenceTokenStore _referenceToken;
        private readonly IPersistedGrantStore _persistedGrant;
        private readonly IUserRepository _userRepo;

        public ResourceOwnerPasswordValidator(IReferenceTokenStore referenceToken, IPersistedGrantStore persistedGrant, IUserRepository userRepo)
        {
            _referenceToken = referenceToken;
            _persistedGrant = persistedGrant;
            _userRepo = userRepo;
        }

        public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
        {
            var validatedRequestDictionary = context.Request.Raw.AllKeys.ToDictionary(s => s, s => context.Request.Raw[s]);

            var user = _userRepo.Login(context.UserName);
            if (user == null || context.Password != user.password)
            {
                context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, "invalid custom credential");
            }
            else
            {
                device_id = validatedRequestDictionary["device_id"];
                await Task.Run(() =>
                {
                    context.Result = new GrantValidationResult(
                                       subject: user.user_code.ToString(),
                                       authenticationMethod: "custom",
                                       claims: GetUserClaims(user));
                });
                await _referenceToken.RemoveReferenceTokensAsync(user.user_code.ToString(), context.Request.ClientId);
                await _persistedGrant.RemoveAllAsync(user.user_code.ToString(), context.Request.ClientId);
            }
        }

        private Claim[] GetUserClaims(UserDto user)
        {
            return new Claim[]
            {
                new Claim("user_code", user.user_code.ToString()),
                new Claim("user_name", user.user_name.ToString()),
                new Claim("real_name", user.real_name.ToString()),
                new Claim("device_id", device_id),
                new Claim(JwtClaimTypes.Name,user.user_name),
                new Claim(JwtClaimTypes.Role, user.role == null ? "customer" : user.role)
            };
        }
    }
}

*
5、ProfileService.cs(IProfileService)

using IdentityServer4.Models;
using IdentityServer4.Services;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

namespace AuthService.Security
{
    public class ProfileService : IProfileService
    {
        public async Task GetProfileDataAsync(ProfileDataRequestContext context)
        {
            try
            {
                if (!string.IsNullOrEmpty(context.Subject.Identity.Name))
                {
                }

                //depending on the scope accessing the user data.
                var claims = context.Subject.Claims.ToList();

                //set issued claims to return
                context.IssuedClaims = claims.ToList();
            }
            catch (Exception ex)
            {
                //log your error
            }
        }

        public async Task IsActiveAsync(IsActiveContext context)
        {
            context.IsActive = true;
        }
    }
}

6、appsettings.json

{
  "AdminSafeList": "127.0.0.1;192.168.1.5;::1",
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft": "Warning",
      "Microsoft.Hosting.Lifetime": "Information"
    }
  },
  "AppSettings": {
    "SecretKey": "ABCDEFGHIJKLMNOPQRSTUVWXYZ123456789",
    "Cores": "https://localhost:44390,http://0.0.0.0:3201",
    "UploadFilesRootPath": "F:\\uploadfiles"
  },
  "IdentityAuthentication": {
    "ClientId": "MobileNurse",
    "ClientName": "MobileNurse App",
    "Scope": "MOBILE_PAD",
    "Secret": "ClientSecret",
    "AccessTokenLifetime": "3600",
    "AbsoluteRefreshTokenLifetime": "2592000",
    "SlidingRefreshTokenLifetime": "300"
  },
  "AllowedHosts": "*",
  "ConnectionStrings": {
    "DefaultConnection": "Server=.;Database=dbMobileNurse;User ID=sa;Password=000000;"
  },
  "DbSql": {
    "DbType": "SqlServer",
    "SqlServerConnection": "Server=.;Database=dbMobileNurse;User ID=sa;Password=000000;",
    "OracleConnection": "",
    "MySqlConnection": "Data Source=192.168.2.100;port=3306;Initial Catalog=dbMobileNurse;user id=root;password=000000;",
    "user": {
      "login": "select user_code,user_name,real_name,password from sys_user where user_name=@UserName ",
      "insert": "",
      "update": "",
      "select": ""
    }
  }
}

API 资源服务器 Startup.cs
NuGet:IdentityServer4.AccessTokenValidation

AddIdentityServerAuthentication、AddOAuth2Introspection

using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Linq;
using System.Reflection;
using System.IO;
using AutoMapper;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.OpenApi.Models;
using Newtonsoft.Json;
using Newtonsoft.Json.Serialization;
using Microsoft.AspNetCore.Mvc;
using IdentityModel;
using log4net;
using log4net.Config;
using log4net.Repository;
using System.Net.Mime;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc.Versioning;

namespace ***.WebAPI
{
    public class Startup
    {
        public Startup(IConfiguration configuration, IWebHostEnvironment env)
        {
            Configuration = configuration;

            var builder = new ConfigurationBuilder()
               .SetBasePath(env.ContentRootPath)
               .AddJsonFile("appsettings.json", optional: true, reloadOnChange: true)
               .AddJsonFile($"appsettings.{env.EnvironmentName}.json", optional: true)
               .AddEnvironmentVariables();
            Configuration = builder.Build();
        }

        public IConfiguration Configuration { get; }
        public static ILoggerRepository loggerRepository { get; set; }

        readonly string AllowSpecificOrigins = "AllowSpecificOrigins";

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            #region 认证   第 1 步
            services.AddAuthentication(config =>
            {
                config.DefaultScheme = "Bearer";
            })
            .AddIdentityServerAuthentication(options =>
            {
                options.Authority = Configuration["IdentityAuthentication:Authority"];
                options.ApiName = "MOBILE_PAD";
                options.ApiSecret = "ClientSecret";
                options.RequireHttpsMetadata = true;//如果授权认证服务器访问地址是https开头,设置成true,如果授权认证服务器访问地址是http开头,设置成false【注意注意】

                #region 配置一定的时间来缓存结果,以减少通信的频率
                options.EnableCaching = true;
                options.CacheDuration = TimeSpan.FromMinutes(10);
                #endregion
            });
            #endregion

            #region 认证(经测试可以使用 OK)   第 1 步
            services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
                .AddIdentityServerAuthentication(options =>
                {
                    options.Authority = Configuration["IdentityAuthentication:Authority"];
                    options.ApiName = Configuration["IdentityAuthentication:ApiName"];
                    options.ApiSecret = Configuration["IdentityAuthentication:ApiSecret"];
                    options.RequireHttpsMetadata = true;//如果授权认证服务器访问地址是https开头,设置成true,如果授权认证服务器访问地址是http开头,设置成false【注意注意】
                });

            /
            services.AddAuthentication(OAuth2IntrospectionDefaults.AuthenticationScheme)
            .AddOAuth2Introspection(options =>
            {
                options.Authority = Configuration["IdentityAuthentication:Authority"];
                options.ClientId = Configuration["IdentityAuthentication:ApiName"];
                options.ClientSecret = Configuration["IdentityAuthentication:ApiSecret"];
                options.Events = new OAuth2IntrospectionEvents 
                {
                    OnAuthenticationFailed = context =>
                    {
                        // 错误访问,401,授权认证失败
                        var tokenType = context.Options.TokenTypeHint;
                        if (context.Error.GetType() == typeof(SecurityTokenExpiredException))
                        {
                            context.Response.Headers.Add("Token-Expired", "true");
                        }
                        context.Response.ContentType = "application/json";
                        //自定义返回状态码,默认为401
                        //context.Response.StatusCode = StatusCodes.Status200OK;
                        //context.Response.StatusCode = StatusCodes.Status401Unauthorized;
                        context.Response.WriteAsync(JsonConvert.SerializeObject(new { code = "401", msg = "Unauthorized" }));
                        return Task.CompletedTask;
                    },
                    OnTokenValidated = context =>
                    {
                        // 正常访问
                        var token = context.SecurityToken;
                        return Task.CompletedTask;
                    },
                };
            });

            #endregion

            services.AddControllers(options =>
            {
                //第 2 步
                options.Filters.Add<QDAuthorizeAttribute>();
                options.UseCentralRoutePrefix(new RouteAttribute($"api"));
                options.MaxModelValidationErrors = 50;
            });

            services.AddAutoMapper(typeof(AutoMapperInit));
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseExceptionHandler("/Error");
                app.UseHsts();
            }

            app.UseStatusCodePages();
            app.UseRouting();
            app.UseAuthentication();
            app.UseAuthorization();
            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllers();
                endpoints.MapHub<Chat>("/chathub");
            });
            app.UseApiVersioning();
        }
    }
}

*、https://localhost:44336/connect/token


*、https://localhost:44336/connect/userinfo


=====================令牌自省端点(Token Introspection Endpoint)=====================
docs(Token Introspection Endpoint)  
Introspection Endpoint  
https://localhost:44336/connect/introspect,introspection_endpoint是RFC 7662的实现。可以用于验证reference tokens(或如果消费者不支持适当的JWT或加密库,则JWT)。
示例1

POST /connect/introspect HTTP/1.1
Host: localhost:44336
Content-Type: application/x-www-form-urlencoded

token=iJy59t8IyjzbyWAN2dPpmwwuIzbDAKDlz7LAce09TXk&client_id=MOBILE_PAD&client_secret=ClientSecret&token_type_hint=access_token

响应数据
{
    "iss": "https://localhost:44336",
    "nbf": 1578532747,
    "exp": 1578536347,
    "aud": "MOBILE_PAD",
    "client_id": "MobileNurse",
    "sub": "9",
    "auth_time": 1578532747,
    "idp": "",
    "amr": "custom",
    "user_code": "9",
    "user_name": "admin",
    "real_name": "admin",
    "device_id": "121aa",
    "name": "admin",
    "role": "customer",
    "active": true,
    "scope": "MOBILE_PAD"
}



示例2

POST /connect/introspect
Authorization: Basic TU9CSUxFX1BBRDpDbGllbnRTZWNyZXQ=

token=<AccessToken>





注意:“TU9CSUxFX1BBRDpDbGllbnRTZWNyZXQ=”是一个BASE64编码字符串,BASE64解码后是“MOBILE_PAD:ClientSecret”,所以BASE64编码的格式是“Scope值:Secret值”

成功的响应将返回 状态代码200 以及 活动或非活动令牌:active:true

{
  "iss": "https://localhost:44336",
  "nbf": 1578462272,
  "exp": 1578465872,
  "aud": "MOBILE_PAD",
  "client_id": "MobileNurse",
  "sub": "9",
  "auth_time": 1578462272,
  "idp": "",
  "amr": "custom",
  "user_code": "9",
  "user_name": "admin",
  "real_name": "admin",
  "device_id": "121aa",
  "name": "admin",
  "role": "customer",
  "active": true,  /
  "scope": "MOBILE_PAD"
}

未知或过期的令牌将被标记为无效:

{
    "active": false,
}

无效请求将返回400,未授权请求401。

==========================令牌撤销端点(Token Revocation Endpoint)==========================
docs(Token Revocation Endpoint)  
Revocation Endpoint  撤销访问令牌(仅access tokens 和reference tokens)。它实现了令牌撤销规范(RFC 7009)。

此端点允许撤消访问令牌(仅限引用令牌)和刷新令牌。
token:要撤销的令牌(必填)
token_type_hint:access_token或refresh_token(可选)

示例

POST /connect/revocation HTTP/1.1
Host: localhost:44336
Authorization: Basic TW9iaWxlTnVyc2U6Q2xpZW50U2VjcmV0
Content-Type: application/x-www-form-urlencoded

token=SnQd0MkxPHB752vJJSwnwvgTDf2JhB6OpL0DoqR_fkk&token_type_hint=refresh_token

注意:“TW9iaWxlTnVyc2U6Q2xpZW50U2VjcmV0”是一个BASE64编码字符串,BASE64解码后是“MobileNurse:ClientSecret”,所以BASE64编码的格式是“ClientId值:Secret值”

==========================结束会话端点(End Session Endpoint)==========================
End Session Endpoint  
EndSession Endpoint  

https://localhost:44336/connect/endsession  登录注销
*
https://localhost:44336/connect/endsession?id_token_hint=eyJhbGciOiJSUzI1NiIsIm&post_logout_redirect_uri=http://www.baidu.com
*
*
*
*
*
*
*
*

KingCruel
关注
  • 0
    点赞
  • 2
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
2021-07-25 .NET高级班 121-直播项目专题(id4无感刷新token)
时光隧道
07-25 5万+
1.前端401处理 import axios from 'axios' import {useRouter} from "vue-router"; import { ElMessage } from 'element-plus' const router= useRouter(); const $http = axios.create({ // baseURL:'http://localhost:5000/', timeout:20000, headers:{
token刷新token刷新token刷新
最新发布
04-09
token刷新token刷新token刷新
IdentityServer4 获取Token刷新Token
码农的专栏
08-20 4037
【代码】IdentityServer4 获取Token刷新Token
Asp.Net Core 中IdentityServer4 授权原理及刷新Token的应用
Jlion 技术博客
03-19 1976
一、前言 上面分享了IdentityServer4 两篇系列文章,核心主题主要是密码授权模式及自定义授权模式,但是仅仅是分享了这两种模式的使用,这篇文章进一步来分享IdentityServer4的授权流程及refreshtoken。 系列文章目录(没看过的先看这几篇文章再来阅读本文章): Asp.Net Core IdentityServer4 中的基本概念 Asp.Net Core 中Iden...
.NET Core OAuth IdentityServer4 Token AllowAnonymous 刷新token RefreshToken Postman截图
KingCruel的专栏
03-21 4120
身份验证和 ASP.NET Web API 中的授权IdentityServer4 Reference TokenIdentityServer4 1.0.0 documentation(官网) 业务逻辑 ● 搭建 授权服务器 和 资源服务器 ● 给App客户端发放 AppId 和 AppSecret ● 用户向App客户端提供自己的 账号 和 密码 ● App客户端将AppId、AppSe...
IdentityServer4系列(06)【使用reference token
极客神殿
03-28 914
JWT token信息自包含,无法直接进行生命周期控制。Reference Token也是一种身份标识,在认证服务器有一个Token IntroSpection Endpoint,可以直接控制token的生命周期,缺点是与认证服务器通信很频繁,优点是安全性高。 在验证服务器的ApiResource方面需要配置API的密码。 public static IEnumerable<ApiResource> GetApis() { return.
vue的token刷新处理的方法
10-18
4. **发起刷新请求**:如果不存在正在进行的刷新请求,将 `isRefreshing` 标志设置为 `true`,然后使用 `refresh_token` 发送刷新请求到服务器。 5. **处理响应**:刷新请求成功后,更新 `token`,并通知所有等待的...
请求时token过期自动刷新token操作
10-14
4. **防止重复刷新请求**: 为了防止在`token`过期时发生多个并发的刷新请求,引入了一个全局变量`isRefreshing`作为开关。如果正在刷新`token`,则后续的请求会被放入一个`Promise`队列中等待。当新`token`获取...
Android token过期刷新处理的方法示例
08-26
Android Token 过期刷新处理方法示例 Android Token 过期刷新处理是移动端应用程序中常见的问题之一。当用户的 Token 过期时,应用程序需要重新刷新 Token,以确保用户的身份验证。下面是 Android Token 过期刷新...
Android OkHttp实现全局过期token自动刷新示例
01-20
当请求某个接口的时候,我们会在请求的header中携带token消息,但是发现token失效,接口请求报错,怎么马上刷新token,然后重复请求方才那个接口呢?这个过程应该说对用户来说是无感的。 这个过程用流程图可以这样...
第38章 刷新令牌 - Identity Server 4 中文文档(v1.0.0)
dibopang0571的博客
04-28 405
第38章 刷新令牌 由于访问令牌的生命周期有限,因此刷新令牌允许在没有用户交互的情况下请求新的访问令牌。 以下流程支持刷新令牌:授权代码,混合和资源所有者密码凭据流。需要明确授权客户端通过设置AllowOfflineAccess来请求刷新令牌true。 38.1 其他客户端设置 AbsoluteRefreshTokenLifetime 刷新令牌的最长生命周期(秒)。默认为2592000...
使用Postman pre-request 实现自动刷新AT
MaiDouYT的博客
02-22 1343
引入问题 最近在用 Postman 做服务调试的时候,遇到个场景:需要调试的接口特别多,在发请求的时候都需要带真实有效的AT,我们这边的AT有效期使用默认的十分钟,因为调试的过程中经常会遇到别的事情,导致AT经常失效,花了大量的时候去拿可用的AT,这对于一个懒人来说是不可接受的,下面就介绍一下我是如何一步一步的来解决这个问题的: 阶段一 服务使用的是标准的oauth2鉴权,所以初始的时候最基础能想...
ASP.NET Core Identity Server 3自定义修改Token过期刷新时间
weixin_42098295的博客
06-11 279
本文主要介绍ASP.NET Core使用Identity Server 3时,要自定义修改Token刷新时间的方法,以方便实现针对不同用户指定不同的Token过期刷新时间。 原文地址:ASP.NET Core Identity Server 3自定义修改Token过期刷新时间 ...
php从cert中获取公钥_.Net Core 中IdentityServer4Token的应用小知识
weixin_39695241的博客
12-10 842
一、前言上面分享了IdentityServer4 两篇系列文章,核心主题主要是密码授权模式及自定义授权模式,但是仅仅是分享了这两种模式的使用,这篇文章进一步来分享IdentityServer4的授权流程及refreshtoken。系列文章目录(没看过的先看这几篇文章再来阅读本文章):Asp.Net Core IdentityServer4 中的基本概念Asp.Net Core 中IdentityS...
步骤:asp.net core中使用identifyserver4颁发令牌
weixin_30363509的博客
12-01 212
使用IdentityServer4颁发令牌基本步骤如下: 在Startup.Configure 方法调用app.UseIdentityServer,添加IdentityServer4到应用的 HTTP 请求处理管线. 使库服务 对OpenID连接和 类似使用/connect/tokenOAuth2端点的请求. 在Startup.ConfigureServices调用se...
IdentityServer4实战 - AccessToken 生命周期分析
weixin_34075551的博客
05-07 1454
一.前言 IdentityServer4实战这个系列主要介绍一些在IdentityServer4(后文称:ids4),在实际使用过程中容易出现的问题,以及使用技巧,不定期更新,谢谢大家关注。使用过ids4的朋友应该知道,可以通过设置AccessTokenLifetime属性,来控制AccessToken的存活时间,但是细心的朋友可能会发现,Token到期了依然能通过授权,这是怎么回事呢,下面我带大...
Abp vNext实现登录返回token可调用其他接口
weixin_38225763的博客
07-13 1566
/必须加上项目和数据库里定义得授权范围,否则登录成功后还是提示401。只是验证登录,并不返回token。Abp中获取token的接口是。具体使用方式看官方文档的。部分,我就记录一些常用的。
Asp.Net Core 中IdentityServer4 授权中心之应用实战
Jlion 技术博客
03-11 2268
一、前言 查阅了大多数相关资料,查阅到的IdentityServer4 的相关文章大多是比较简单并且多是翻译官网的文档编写的,我这里在 Asp.Net Core 中IdentityServer4 的应用分析中会以一个电商系统架构升级过程中普遍会遇到的场景进行实战性讲述分析,同时最后会把我的实战性的代码放到github 上,敬请大家关注! 这里就直接开始撸代码,概念性东西就已经不概述了,想要了解概念...
配合OAuth2进行单设备登录拦截
weixin_33966365的博客
11-21 2410
2019独角兽企业重金招聘Python工程师标准>>> ...
postman token
08-19
在使用Postman调试接口时,可以通过设置全局/环境变量传递token的方式来解决token的重复工作量问题。首先,你需要将获取到的token复制到Postman中,然后在Postman中新增一个环境变量,例如命名为devToken,并将获取到的token赋值给devToken这个环境变量。这样,当需要在请求里加上token的接口时,需要调用devToken环境变量即可,无需手动修改接口的token值,从而避免了重复的工作量。<span class="em">1</span><span class="em">2</span><span class="em">3</span> #### 引用[.reference_title] - *1* [postman 设置token](https://blog.csdn.net/qq_37570710/article/details/120977448)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":{"utm_source":"vip_chatgpt_common_search_pc_result","utm_medium":"distribute.pc_search_result.none-task-cask-2~all~insert_cask~default-1-null.142^v93^chatsearchT3_2"}}] [.reference_item style="max-width: 50%"] - *2* *3* [2种方法教你在postman设置请求里带动态token](https://blog.csdn.net/qq_52879678/article/details/129802139)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":{"utm_source":"vip_chatgpt_common_search_pc_result","utm_medium":"distribute.pc_search_result.none-task-cask-2~all~insert_cask~default-1-null.142^v93^chatsearchT3_2"}}] [.reference_item style="max-width: 50%"] [ .reference_list ]

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值