C# 刷新令牌为空,AllowOfflineAccess为true,范围I具有脱机访问权限
刷新令牌始终为空,这是我的代码:C# 刷新令牌为空,AllowOfflineAccess为true,范围I具有脱机访问权限,c#,asp.net-core,identityserver4,C#,Asp.net Core,Identityserver4,刷新令牌始终为空,这是我的代码: new Client { ClientId = "mvc", ClientName = "MVC Client", RequireConsent = false, AllowedGrantTypes = GrantTypes.HybridAndClientCredentials, AllowAccessTokensViaBrowser = true, ClientSecrets = {new Secret("se
new Client
{
ClientId = "mvc",
ClientName = "MVC Client",
RequireConsent = false,
AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
AllowAccessTokensViaBrowser = true,
ClientSecrets = {new Secret("secret".Sha256())},
RedirectUris = { "http://localhost:7002/Account/callback" }, //{ "http://localhost:7002/signin-oidc" }, //
PostLogoutRedirectUris = { "http://localhost:7002/signout-callback-oidc" },
AllowedScopes = new List<string>
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.OfflineAccess,
"api1"
},
AllowOfflineAccess = true,
AlwaysIncludeUserClaimsInIdToken = true
}
我通过创建授权url登录,我就是这样创建的:
var host = _context.HttpContext.Request.Host.Host;
var discoveryClient = new DiscoveryClient(Configuration["auth:oidc:authority"]);
var disco = await discoveryClient.GetAsync();
var request = new RequestUrl(disco.AuthorizeEndpoint);
authorizeUrl = request.CreateAuthorizeUrl(
clientId: "mvc",
responseType: "code id_token token",
responseMode: OidcConstants.ResponseModes.FormPost,
scope: "openid profile api1 offline_access",
redirectUri: "http://localhost:7002/Account/callback", //"http://localhost:7002/signin-oidc", //
state: CryptoRandom.CreateUniqueId(),
nonce: CryptoRandom.CreateUniqueId(),
acrValues: host);
return Redirect(authorizeUrl);
我被重定向到登录页面,进行登录,一旦登录并返回CallBack()(在HomeController中),我将获得除空刷新令牌之外的所有内容:
public async Task<IActionResult> Callback()
{
var code = Request.Form["code"];
var tokenType = Request.Form["token_type"];
var idToken = Request.Form["id_token"];
var scope = Request.Form["scope"];
var state = Request.Form["state"];
var session_state = Request.Form["session_state"];
var error = Request.Form["error"];
var expiresAt = Request.Form["expires_in"];
var accessToken = Request.Form["access_token"];
var refreshToken = Request.Form["refresh_token"];
}
公共异步任务回调()
{
var代码=请求。表格[“代码”];
var tokenType=Request.Form[“token_type”];
var idToken=Request.Form[“id_token”];
var scope=Request.Form[“scope”];
var state=Request.Form[“state”];
var session_state=Request.Form[“session_state”];
var error=Request.Form[“error”];
var expiresAt=Request.Form[“expires_in”];
var accessToken=Request.Form[“access_token”];
var refreshttoken=Request.Form[“refresh_token”];
}
重述一下:refresh_标记为空{},不是空的。为了以另一种方式测试它,我在about方法中添加了[authorize],如果我只在那里单击登录,那么我确实有一个refresh\u令牌
我遗漏了什么吗?您只能通过令牌端点调用获取刷新令牌。您需要使用返回回调的
code
调用/connect/token
此外,由于您正在手动执行请求和回调,因此调用
AddOpenIdConnect
可能没有任何意义。您为什么要自己创建授权URL?@DalmTo因为我创建的网站的性质需要这样做,所以在用户登录之前,我无法显示其他视图/页面。[授权]在所有控制器的顶部,将强制它重定向到登录。为什么您要手动执行此操作?@DalmTo我正在发送acrValues:host(子域),因为此应用程序将由使用同一客户端MVC的不同客户使用,但每个客户都有自己的子域。如果我不将子域发送到身份验证服务器,我将不知道搜索哪个数据库,这是我找到它的唯一方法。请随时给我提建议。ThanksI将尝试使用/connect/token和addOpenIdConnect实现您的建议,我仍然需要它,因为我需要将其插入服务,否则我将得到一个错误。这是我的需要,我向@DalmTo解释过,请随时提供建议。谢谢“”我正在发送acrValues:host(子域),因为此应用程序将由使用同一客户端MVC的不同客户使用,但每个客户都有自己的子域。如果我不将子域发送到身份验证服务器,我将不知道搜索哪个数据库,这是我找到它的唯一方法。请随时给我提建议。谢谢“
public async Task<IActionResult> Callback()
{
var code = Request.Form["code"];
var tokenType = Request.Form["token_type"];
var idToken = Request.Form["id_token"];
var scope = Request.Form["scope"];
var state = Request.Form["state"];
var session_state = Request.Form["session_state"];
var error = Request.Form["error"];
var expiresAt = Request.Form["expires_in"];
var accessToken = Request.Form["access_token"];
var refreshToken = Request.Form["refresh_token"];
}