OWIN OAuth 2.0 Authorization Server Refresh Token

I run this sample application:

http://www.asp.net/aspnet/overview/owin-and-katana/owin-oauth-20-authorization-server

Downloaded from:

http://code.msdn.microsoft.com/OWIN-OAuth-20-Authorization-ba2b8783

In the AuthorizationServer project Startup.Auth.cs file, I added

AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(1),

inside

app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions {

So that the token will expire after 1 minute.

After 1 minute and the token expired, I try to refresh the token, it gives me the error

The remote server returned an error: (400) Bad Request.

My questions is:

Is it possible to refresh the token if the token expire? Or how about automatically refresh the expired token if the user tries to access Protected Resource?


By default, OWIN rejects refresh token if related authentication token expired already. Here is example, how you can override this behavior:

public class RefreshTokenProvider : IAuthenticationTokenProvider
{
        public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
        {
            var ticket = LoadAuthenticationTicketFromDatabase();
            context.DeserializeTicket(ticket);
            context.Ticket.Properties.ExpiresUtc = DateTime.MaxValue;
    }
}
链接地址: http://www.djcxy.com/p/47940.html

上一篇: 实施OAuth授权码流程

下一篇: OWIN OAuth 2.0授权服务器刷新令牌