如何使用jwt刷新Angular 6和web api中的令牌?
我已经将jwt令牌用于带有Web API的angular 6项目。 我可以通过生成令牌登录到我的会话,但当它过期时,比如10分钟后。我想显示一个弹出窗口,它会说,您的会话已过期,请单击下面的刷新您的会话。这将生成一个新令牌,可用于访问我的门户 我尝试了以下代码,使用下面的一些链接 在我的auth拦截器文件中。文件我添加了如下代码如何使用jwt刷新Angular 6和web api中的令牌?,api,jwt,owin,Api,Jwt,Owin,我已经将jwt令牌用于带有Web API的angular 6项目。 我可以通过生成令牌登录到我的会话,但当它过期时,比如10分钟后。我想显示一个弹出窗口,它会说,您的会话已过期,请单击下面的刷新您的会话。这将生成一个新令牌,可用于访问我的门户 我尝试了以下代码,使用下面的一些链接 在我的auth拦截器文件中。文件我添加了如下代码 intercept(req: HttpRequest<any>, next: HttpHandler) { const token = ses
intercept(req: HttpRequest<any>, next: HttpHandler) {
const token = sessionStorage.getItem('token');
const authReq = req.clone({ setHeaders: { Authorization: 'bearer ' +
token } });
return next.handle(authReq).do((event: HttpEvent<any>) => {
if (event instanceof HttpResponse) {
// if the token is valid
}
}, (err: any) => {
if (err instanceof HttpErrorResponse) {
if (err.status === 401) {
const refreshToken =
sessionStorage.getItem('refreshToken');
this.loginService.refreshToken([refreshToken]).subscribe((res: any) => {
const tokenInfo =
this.loginService.getDecodedAccessToken(res.access_token);
const loggedUser = tokenInfo.userName;
this.loginService.setToken(res.access_token,
loggedUser, res.refresh_token);
sessionStorage.setItem('userName', loggedUser);
}, error => {
});
this.router.navigateByUrl('/login');
this.authService.collectFailedRequest(authReq);
}
}
});
}
在我的startup.cs文件中,我添加了
authenticated(): boolean {
const token = sessionStorage.getItem('token');
if (!token) {
return null;
}
return !this.jwtHelper.isTokenExpired(token);
}
public void ConfigureOAuth(IAppBuilder app)
{
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
OAuthAuthorizationServerOptions OAuthServerOptions = new
OAuthAuthorizationServerOptions()
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/api/confirm_login"),
AccessTokenExpireTimeSpan = TimeSpan.FromMilliseconds(30000),
Provider = new ldAuthorizationServerProvider(),
AccessTokenFormat = new
ldTokenFormat(ConfigurationManager.AppSettings["as:AngularHostURL"]),
RefreshTokenProvider = new RefreshTokenProvider(),
AuthorizeEndpointPath = new PathString("/api/refresh_token"),
};
app.UseOAuthAuthorizationServer(OAuthServerOptions);
}
这是我的服务提供商
public class RefreshTokenProvider : IAuthenticationTokenProvider
{
private static ConcurrentDictionary<string, AuthenticationTicket>
_refreshTokens = new ConcurrentDictionary<string, AuthenticationTicket>();
public async Task CreateAsync(AuthenticationTokenCreateContext
context)
{
var guid = Guid.NewGuid().ToString();
// copy all properties and set the desired lifetime of refresh
token
var refreshTokenProperties = new
AuthenticationProperties(context.Ticket.Properties.Dictionary)
{
IssuedUtc = context.Ticket.Properties.IssuedUtc,
ExpiresUtc =
DateTime.UtcNow.AddMilliseconds(30000)//DateTime.UtcNow.AddYears(1)
};
var refreshTokenTicket = new
AuthenticationTicket(context.Ticket.Identity, refreshTokenProperties);
_refreshTokens.TryAdd(guid, refreshTokenTicket);
// consider storing only the hash of the handle
context.SetToken(guid);
}
public void Create(AuthenticationTokenCreateContext context)
{
throw new NotImplementedException();
}
public void Receive(AuthenticationTokenReceiveContext context)
{
throw new NotImplementedException();
}
public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
{
Guid token;
if (Guid.TryParse(context.Token, out token))
{
AuthenticationTicket ticket;
if (_refreshTokens.TryRemove(token, out ticket))
{
context.SetTicket(ticket);
}
}
}
公共类RefreshTokenProvider:IAAuthenticationTokenProvider
{
私有静态并发字典
_refreshTokens=新的ConcurrentDictionary();
公共异步任务CreateSync(AuthenticationTokenCreateContext
(上下文)
{
var guid=guid.NewGuid().ToString();
//复制所有属性并设置所需的刷新生存期
代币
var refreshttokenproperties=new
AuthenticationProperties(context.Ticket.Properties.Dictionary)
{
IssuedUtc=context.Ticket.Properties.IssuedUtc,
ExpiresUtc=
DateTime.UtcNow.addmillizes(30000)//DateTime.UtcNow.AddYears(1)
};
var refreshttokenticket=new
AuthenticationTicket(context.Ticket.Identity、refreshTokenProperties);
_refreshTokens.TryAdd(guid,refreshTokenTicket);
//只考虑存储句柄的哈希值
SetToken(guid);
}
公共void创建(AuthenticationTokenCreateContext上下文)
{
抛出新的NotImplementedException();
}
public void Receive(AuthenticationTokenReceiveContext上下文)
{
抛出新的NotImplementedException();
}
公共异步任务ReceiveAsync(AuthenticationTokenReceiveContext上下文)
{
Guid令牌;
if(Guid.TryParse(context.Token,out-Token))
{
认证票证;
如果(_refreshtokes.TryRemove(令牌,出票))
{
上下文。设置票证(票证);
}
}
}
这里我的代码没有到达GrantRefreshToken方法。我不确定我缺少什么
在此示例中,我拥有用于登录和刷新令牌的共享令牌终结点is/token。除了令牌终结点之外,我拥有与您完全相同的代码。当我向其发出邮递员请求时,我点击了GrantRefreshToken代码 或者,这方面的角度代码是
refreshToken(): Observable<any> {
let headers = new Headers({ 'Content-type': 'application/x-www-form-urlencoded' });
headers.append('Content-Type', 'application/json');
headers.append('No-Auth', 'True');
var refreshToken = <the guid in the refresh_token local storage>
let body = 'grant_type=refresh_token&refresh_token=' + refreshToken;
return this._http.post(<some url> + '/Token', body, {headers:headers});
refreshToken():可观察{
let headers=新的头({'Content type':'application/x-www-form-urlencoded'});
headers.append('Content-Type','application/json');
headers.append('No-Auth','True');
变量刷新令牌=
let body='grant_type=refresh_token&refresh_token='+refreshttoken;
返回它。http.post(+'/Token',body,{headers:headers});
}是否有可能就angular/Azure广告与您联系?我看到您在这方面做了很多工作。如果有,请在我的个人资料中给我发电子邮件。谢谢!当然可以。。。
refreshToken(): Observable<any> {
let headers = new Headers({ 'Content-type': 'application/x-www-form-urlencoded' });
headers.append('Content-Type', 'application/json');
headers.append('No-Auth', 'True');
var refreshToken = <the guid in the refresh_token local storage>
let body = 'grant_type=refresh_token&refresh_token=' + refreshToken;
return this._http.post(<some url> + '/Token', body, {headers:headers});