Problem description
From the source code sandbox Webserver, refresh tokens were done like this:
RefreshTokenProvider = new AuthenticationTokenProvider
{
    OnCreate = CreateRefreshToken,
    OnReceive = ReceiveRefreshToken,
}

private void CreateRefreshToken(AuthenticationTokenCreateContext context)
{
    context.SetToken(context.SerializeTicket());
}

private void ReceiveRefreshToken(AuthenticationTokenReceiveContext context)
{
    context.DeserializeTicket(context.Token);
}
This creates refresh tokens that have the same lifetime as the access tokens.
What would be an appropriate lifetime for a refresh token, and what would be the suggested way of telling that to the OAuthAuthorizationServer? There are no options for it, and I am wondering if I should just change it on the ticket in the context of the above CreateRefreshToken.
Recommended answer
It's all dependent on use-case. RefreshToken lifetime can be based on the application requirement. Google OAuth has "Refresh tokens are valid until the user revokes access".
Yes, you are right about the approach. You can set it on the Ticket in the context.
private void CreateRefreshToken(AuthenticationTokenCreateContext context)
{
    // Give the refresh token its own expiry before the ticket is serialized.
    context.Ticket.Properties.ExpiresUtc = new DateTimeOffset(DateTime.Now.AddMonths(2));
    context.SetToken(context.SerializeTicket());
}
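A longer-lived refresh token is easier to live with when it can also be revoked. The following is an added example, not code from the question, the answer or the Katana sandbox: it keeps the answer's approach of setting ExpiresUtc on the ticket, but hands the client an opaque single-use handle and keeps the protected ticket server-side. The names RefreshTokens, Store and Lifetime, the 14-day value and the in-memory dictionary are assumptions made for illustration.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;
using Microsoft.Owin.Security.Infrastructure;

// Added example. Wire up with: RefreshTokenProvider = RefreshTokens.CreateProvider()
public static class RefreshTokens
{
    // Assumption: illustrative lifetime; choose one that fits the application.
    static readonly TimeSpan Lifetime = TimeSpan.FromDays(14);

    // Hypothetical in-memory store (hash of handle -> protected ticket).
    // A real deployment would use a database so tokens survive restarts.
    static readonly ConcurrentDictionary<string, string> Store =
        new ConcurrentDictionary<string, string>();

    public static AuthenticationTokenProvider CreateProvider()
    {
        return new AuthenticationTokenProvider { OnCreate = Create, OnReceive = Receive };
    }

    static void Create(AuthenticationTokenCreateContext context)
    {
        // Same idea as the answer: the refresh token gets its own expiry.
        var now = DateTimeOffset.UtcNow;
        context.Ticket.Properties.IssuedUtc = now;
        context.Ticket.Properties.ExpiresUtc = now.Add(Lifetime);

        // The client only ever sees a random handle, hex-encoded so it is form-safe.
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        var handle = BitConverter.ToString(bytes).Replace("-", "");

        // Store only a hash of the handle, so a leaked store cannot be replayed.
        Store[Hash(handle)] = context.SerializeTicket();
        context.SetToken(handle);
    }

    static void Receive(AuthenticationTokenReceiveContext context)
    {
        // TryRemove makes the handle single-use; an unknown or reused handle
        // leaves the ticket unset and the middleware rejects the grant.
        string protectedTicket;
        if (Store.TryRemove(Hash(context.Token), out protectedTicket))
            context.DeserializeTicket(protectedTicket);
    }

    static string Hash(string value)
    {
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(value)));
    }
}
```

Deleting a user's entries from the store revokes their refresh tokens immediately, independent of the configured lifetime.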