I'm new to IdentityServer4. I read that I need to implement an IPersistedGrantStore to store refresh tokens in a table like PersistedGrants in my database.
IdentityServer logs the following when my native app asks for a new access token: "refresh_token" grant with value: "{value}" not found in store.
That's because I'm using the in-memory version of the persisted grant store. So I need to store refresh tokens in a PersistedGrant table.
Therefore, in my Startup.cs I added the following line:
builder.Services.AddScoped<IPersistedGrantStore, PersistedGrantStore>();
and IPersistedGrantStore.cs is
using System.Collections.Generic;
using System.Threading.Tasks;

// Interface I wrote myself, with a custom grant model
public interface IPersistedGrantStore
{
    Task StoreAsync(CustomPersistedGrant grant);
    Task<CustomPersistedGrant> GetAsync(string key);
    Task<IEnumerable<CustomPersistedGrant>> GetAllAsync(string subjectId);
}
So I have a CustomPersistedGrant.cs class
using System;

// Row shape for the PersistedGrants table
public class CustomPersistedGrant
{
    public string Key { get; set; }
    public string Type { get; set; }
    public string SubjectId { get; set; }
    public string ClientId { get; set; }
    public DateTime CreationTime { get; set; }
    public DateTime? Expiration { get; set; }
    public string Data { get; set; }
}
and now I have to write the code for my PersistedGrantStore.cs class.
But the question is: once I have written the code for the PersistedGrantStore.cs class, where do I call the PersistedGrantStore class? In IdentityServer's Account/AccountController? I didn't find any example of this that doesn't use Entity Framework, and I don't want to use Entity Framework.
Thanks.
The key will be to implement IPersistedGrantStore using whatever backend you like, then to tell IdentityServer to use that implementation by registering the implementation in the dependency injection system.
For example, if you call your implementation PersistedGrantStore, then you could register the implementation like this:
services.AddTransient<IPersistedGrantStore, PersistedGrantStore>();
You can see that essentially this is all that the EntityFramework implementation does, once you take away all the EntityFramework stuff.
Later, when IdentityServer wants to persist a grant, it will get your implementation and call the appropriate method. So you don't have to do anything other than inject your implementation into IdentityServer so it can do what's needed.
I know the question is kind of old and you might have already found the problem. I think your only mistake is that you invented your own interface instead of implementing IdentityServer4.Stores.IPersistedGrantStore.
If you want to use your own CustomPersistedGrant, it should derive from IdentityServer4.Models.PersistedGrant; otherwise you would have to wrap it somehow.
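To make the two answers above concrete, here is an added example (not code from the question, the answers, or the IdentityServer4 project) of a store that implements IdentityServer4's own IdentityServer4.Stores.IPersistedGrantStore against a plain ADO.NET SqlConnection, with no Entity Framework, plus the single DI registration that wires it in. It assumes the IdentityServer4 v2/v3 interface (the GetAllAsync(string subjectId) and RemoveAllAsync overloads the question's own interface mirrors; v4 replaced those with a PersistedGrantFilter parameter), the System.Data.SqlClient package, a table named PersistedGrants whose columns match IdentityServer4.Models.PersistedGrant, a connection string named "IdentityServer", and the class name SqlPersistedGrantStore; all of those are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Threading.Tasks;
using IdentityServer4.Models;
using IdentityServer4.Stores;

// Hypothetical ADO.NET-backed implementation of IdentityServer4's own
// IdentityServer4.Stores.IPersistedGrantStore (v2/v3 signatures), using the
// library's PersistedGrant model rather than a custom one. The PersistedGrants
// table and its column names are assumed to match the EF package's schema.
public class SqlPersistedGrantStore : IPersistedGrantStore
{
    private readonly string _connectionString;

    public SqlPersistedGrantStore(string connectionString)
    {
        _connectionString = connectionString ?? throw new ArgumentNullException(nameof(connectionString));
    }

    // IdentityServer hands over Key already hashed (SHA-256 of the token handle),
    // so the raw refresh token never reaches the table; Data, however, holds the
    // serialized token and its claims, so the table itself still needs protecting.
    // The same Key can be stored again (updated consent, re-used reference token),
    // so this is an upsert, which is what the EF store does too.
    public Task StoreAsync(PersistedGrant grant) => ExecuteAsync(@"
MERGE PersistedGrants WITH (HOLDLOCK) AS t
USING (SELECT @p0 AS [Key]) AS s ON t.[Key] = s.[Key]
WHEN MATCHED THEN UPDATE SET Type = @p1, SubjectId = @p2, ClientId = @p3,
    CreationTime = @p4, Expiration = @p5, Data = @p6
WHEN NOT MATCHED THEN INSERT ([Key], Type, SubjectId, ClientId, CreationTime, Expiration, Data)
    VALUES (@p0, @p1, @p2, @p3, @p4, @p5, @p6);",
        grant.Key, grant.Type, grant.SubjectId, grant.ClientId,
        grant.CreationTime, grant.Expiration, grant.Data);

    public async Task<PersistedGrant> GetAsync(string key)
    {
        var rows = await QueryAsync("SELECT * FROM PersistedGrants WHERE [Key] = @p0", key);
        return rows.Count == 0 ? null : rows[0];
    }

    // Used by the consent/grants UI to list what a user has granted.
    public async Task<IEnumerable<PersistedGrant>> GetAllAsync(string subjectId) =>
        await QueryAsync("SELECT * FROM PersistedGrants WHERE SubjectId = @p0", subjectId);

    public Task RemoveAsync(string key) =>
        ExecuteAsync("DELETE FROM PersistedGrants WHERE [Key] = @p0", key);

    public Task RemoveAllAsync(string subjectId, string clientId) =>
        ExecuteAsync("DELETE FROM PersistedGrants WHERE SubjectId = @p0 AND ClientId = @p1",
            subjectId, clientId);

    public Task RemoveAllAsync(string subjectId, string clientId, string type) =>
        ExecuteAsync("DELETE FROM PersistedGrants WHERE SubjectId = @p0 AND ClientId = @p1 AND Type = @p2",
            subjectId, clientId, type);

    // Every value goes in as a parameter: Key and Data are attacker-influenced strings.
    private async Task ExecuteAsync(string sql, params object[] args)
    {
        using (var conn = new SqlConnection(_connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            for (var i = 0; i < args.Length; i++) cmd.Parameters.AddWithValue("@p" + i, args[i] ?? DBNull.Value);
            await conn.OpenAsync();
            await cmd.ExecuteNonQueryAsync();
        }
    }

    private async Task<List<PersistedGrant>> QueryAsync(string sql, params object[] args)
    {
        var result = new List<PersistedGrant>();
        using (var conn = new SqlConnection(_connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            for (var i = 0; i < args.Length; i++) cmd.Parameters.AddWithValue("@p" + i, args[i] ?? DBNull.Value);
            await conn.OpenAsync();
            using (var reader = await cmd.ExecuteReaderAsync())
                while (await reader.ReadAsync()) result.Add(ReadGrant(reader));
        }
        return result;
    }

    private static PersistedGrant ReadGrant(IDataRecord r)
    {
        int sub = r.GetOrdinal("SubjectId"), exp = r.GetOrdinal("Expiration");
        return new PersistedGrant
        {
            Key = r.GetString(r.GetOrdinal("Key")),
            Type = r.GetString(r.GetOrdinal("Type")),
            SubjectId = r.IsDBNull(sub) ? null : r.GetString(sub), // null for client-credentials grants
            ClientId = r.GetString(r.GetOrdinal("ClientId")),
            CreationTime = r.GetDateTime(r.GetOrdinal("CreationTime")),
            Expiration = r.IsDBNull(exp) ? (DateTime?)null : r.GetDateTime(exp),
            Data = r.GetString(r.GetOrdinal("Data"))
        };
    }
}

// Startup.ConfigureServices: this registration is the only "call" you write.
// IdentityServer resolves the store from DI itself whenever it issues, validates
// or revokes a refresh token, reference token or consent; nothing in
// AccountController touches it.
//
//   services.AddIdentityServer() /* .AddInMemoryClients(...) etc. */;
//   services.AddTransient<IPersistedGrantStore>(sp =>
//       new SqlPersistedGrantStore(Configuration.GetConnectionString("IdentityServer")));
```

Two things this store deliberately does not do: it never returns the raw token (IdentityServer's DefaultGrantStore serializes and hashes before calling StoreAsync, so the table never sees it), and it does not purge expired rows. The EF package ships a separate cleanup job for that; with a hand-rolled store you need your own scheduled DELETE on Expiration, otherwise revoked and expired grants accumulate.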