OWIN OAuth 2.0 Authorization Server Refresh Token
I run this sample application:
http://www.asp.net/aspnet/overview/owin-and-katana/owin-oauth-20-authorization-server
Downloaded from:
http://code.msdn.microsoft.com/OWIN-OAuth-20-Authorization-ba2b8783
In the AuthorizationServer project Startup.Auth.cs file, I added
AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(1),
inside
app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions {
So that the token will expire after 1 minute.
After 1 minute and the token expired, I try to refresh the token, it gives me the error
The remote server returned an error: (400) Bad Request.
My questions is:
Is it possible to refresh the token if the token expire? Or how about automatically refresh the expired token if the user tries to access Protected Resource?
By default, OWIN rejects refresh token if related authentication token expired already. Here is example, how you can override this behavior:
public class RefreshTokenProvider : IAuthenticationTokenProvider
{
public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
{
var ticket = LoadAuthenticationTicketFromDatabase();
context.DeserializeTicket(ticket);
context.Ticket.Properties.ExpiresUtc = DateTime.MaxValue;
}
}
链接地址: http://www.djcxy.com/p/47940.html
上一篇: 实施OAuth授权码流程