OAuth2用户的WebAPI令牌过期

本文介绍了OAuth2用户的WebAPI令牌过期的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我想动态设置令牌到期时间，但现在看来它只是让默认为20分钟。

I am trying to set a token expiration time dynamically, but it appears it just keeps defaulting to 20 minutes.

下面是我的ConfigureAuth：

Here is my ConfigureAuth:

public void ConfigureAuth(IAppBuilder app)
{

        OAuthOptions = new OAuthAuthorizationServerOptions
        {
            TokenEndpointPath = new PathString("/Token"),
            Provider = new ApplicationOAuthProvider(""),
            // In production mode set AllowInsecureHttp = false
            AllowInsecureHttp = true
        };

        // Enable the application to use bearer tokens to authenticate users
        app.UseOAuthBearerTokens(OAuthOptions);

}

下面是我的GrantResourceOwnerCredentials方式：

Here is my GrantResourceOwnerCredentials method:

    public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {

        context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });

        var hasValidLogin = (new login().authenticate(context.UserName, context.Password, "") == "valid");

        if (hasValidLogin == false)
        {
            context.SetError("invalid_grant", "The user name or password is incorrect.");
            return Task.FromResult<object>(null);
        }

        var oAuthIdentity = CreateIdentity(context);
        var oAuthProperties = CreateProperties(context);

        AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, oAuthProperties);

        context.Validated(ticket);
        return Task.FromResult<object>(null);
    }

这是我的setProperties方法在那里我可以设置过期时间：

And here is my SetProperties method where I can setting the expiration:

    public static AuthenticationProperties CreateProperties(OAuthGrantResourceOwnerCredentialsContext context)
    {

        IDictionary<string, string> data = new Dictionary<string, string>
        {
            { "client_id", context.ClientId }
        };

        var response = new AuthenticationProperties(data);
        response.ExpiresUtc = DateTime.Now.AddMonths(1);

        return response;
    }

即使在这之后，该令牌返回：

Even after that, the token is returning:

{
  "access_token": ".....",
  "token_type": "bearer",
  "expires_in": 1199,
  "client_id": ".....",
  ".expires": "Fri, 13 Nov 2015 20:24:06 GMT",
  ".issued": "Fri, 13 Nov 2015 20:04:06 GMT"
}

任何想法，为什么我不能设置在那里我目前到期？此服务器将采取各种不同客户的不同规定的到期时间，因此我想这就是做这个的地方。有没有别的地方，我应该这样做呢？谢谢！

Any ideas why I cannot set the expiration where I currently am? This server will take a variety of different clients with different specified expiration times, therefore I figured this is the place to do this. Is there somewhere else that I should doing this at? Thanks!

推荐答案

您看到的是直接造成事实上的OAuth2授权服务器的总是的放弃自己的满期时，将其设置中的行为在 GrantResourceOwnerCredentials 的通知（其它捐赠* 也影响通知）：https://github.com/jchannon/katanaproject/blob/master/src/Microsoft.Owin.Security.OAuth/OAuthAuthorizationServerHandler.cs#L386

The behavior you're seeing is directly caused by the fact the OAuth2 authorization server always discards your own expiration when you set it in the GrantResourceOwnerCredentials notification (the other Grant* notifications are also impacted): https://github.com/jchannon/katanaproject/blob/master/src/Microsoft.Owin.Security.OAuth/OAuthAuthorizationServerHandler.cs#L386

一个解决办法是设置的过期日期
AuthenticationTokenProvider.CreateAsync （您使用的类 OAuthAuthorizationServerOptions.AccessTokenProvider ）

A work around is to set the expiration date inAuthenticationTokenProvider.CreateAsync (the class you use for OAuthAuthorizationServerOptions.AccessTokenProvider):

只需设置 context.Ticket.Properties.ExpiresUtc 与您所选择的截止日期，它应该工作作为intented：

Simply set context.Ticket.Properties.ExpiresUtc with the expiration date of your choice, and it should work as intented:

public class AccessTokenProvider : AuthenticationTokenProvider {
    public override void Create(AuthenticationTokenCreateContext context) {
        context.Ticket.Properties.ExpiresUtc = // set the appropriate expiration date.

        context.SetToken(context.SerializeTicket());
    }
}

您也可以看看 AspNet.Security.OpenIdConnect.Server ，由OWIN /武士刀所提供的的OAuth2授权服务器本身支持设置到期日的一个分支从 GrantResourceOwnerCredentials ：

You can also take a look at AspNet.Security.OpenIdConnect.Server, a fork of the OAuth2 authorization server offered by OWIN/Katana that natively supports setting the expiration date from GrantResourceOwnerCredentials: https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server/tree/dev

这篇关于OAuth2用户的WebAPI令牌过期的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！