Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to refresh access token

I have an Asp.net 2.0 core web application which connects to an Identity server 4 application for authentication. There is also an API involved. The API consumes an access token as a bearer token.

My startup:

services.AddAuthentication(options =>
            {
                options.DefaultScheme = "Cookies";
                options.DefaultChallengeScheme = "oidc";
            })
            .AddCookie("Cookies")
            .AddOpenIdConnect("oidc", options =>
            {
                options.SignInScheme = "Cookies";
                options.Authority = idsEndPoint;
                options.RequireHttpsMetadata = false;
                options.ClientId = "testclient";
                options.ClientSecret = "secret";
                options.ResponseType = "code id_token";
                options.SaveTokens = true;
                options.GetClaimsFromUserInfoEndpoint = true;
                options.Scope.Add("testapi");
            });

Controller:

In my controllers i can see my tokens and they are all populated and i can use the access token in my API calls.

var accessToken = await HttpContext.GetTokenAsync(OpenIdConnectParameterNames.AccessToken);
var refreshToken = await HttpContext.GetTokenAsync(IdentityConstants.HttpContextHeaders.RefreshToken);
var idToken = await HttpContext.GetTokenAsync(OpenIdConnectParameterNames.IdToken);

Question:

My problem occurs after one hour where the access token expires. It appears that it is not automatically being refreshed. I am wondering if this is a setting in my authentication that will cause it to refresh it. However I have been unable to find out how I am supposed to force it to refresh the access token after it has expired.

My current solution is to refresh it myself but I would have thought this would be built into the cookie middleware.

like image 217
DaImTo Avatar asked Apr 16 '18 07:04

DaImTo


People also ask

How do I refresh my access token when it expires?

If a refresh token expires for any reason, then the only action the application can take is to ask the user to log in again, starting a new OAuth flow from scratch, which will issue a new access token and refresh token to the application.

Can you refresh a refresh token?

You cannot refresh a Refresh Token if the Refresh Token has expired or otherwise been revoked. You must repeat the authentication flow to obtain a new Refresh Token. Mostly true, but...with DocuSign's implementation, you can refresh the refresh token if it hasn't yet expired and you have the extended scope.

How often should you refresh access token?

Hi all, According to the docs, An access token, if not used, will expire in 24 hours.

How do I refresh my MFA token?

Go to Services > Azure Partner (NCE) > Manage Refresh Token. In the Automatic Update group, click Update Refresh Token. The login page of the Microsoft Partner Center will open in a new browser window.


1 Answers

for automatic refresh token, add options.Scope.Add("offline_access"); to AddOpenIdConnect() options.

like image 169
Meysam Gheysaryan Avatar answered Sep 19 '22 00:09

Meysam Gheysaryan