Jwt 使用MSAL进行ADFS刷新令牌旋转
环境Jwt 使用MSAL进行ADFS刷新令牌旋转,jwt,asp.net-identity,adfs,msal,Jwt,Asp.net Identity,Adfs,Msal,环境 .NetCore 3.1客户端 ADFS 2019 MSAL通过Microsoft.Identity.Client,版本=4.18.0.0 我正在使用MSAL使用.NetCore桌面客户端的ROPC流(用户名/密码)直接向客户ADFS 2019实例进行身份验证。我能够在初次登录时获得一个IDToken&RefreshToken,然后MSAL(它将RefreshToken保密)将在一段时间内获取新的IDToken,直到RefreshToken过期 我的问题是,在我继续想要登录时,是否有办
- .NetCore 3.1客户端
- ADFS 2019
- MSAL通过Microsoft.Identity.Client,版本=4.18.0.0
static void Main(string[] args)
{
app = PublicClientApplicationBuilder.Create("CLIENT_ID")
//.WithAuthority(AzureCloudInstance.AzurePublic, TenantId)
.WithAdfsAuthority("ADFS_URI", false)
//.WithExtraQueryParameters(new Dictionary<string, string> { {"forceRefresh", "true" } })
.Build();
while (true)
{
var result = GetToken().GetAwaiter().GetResult();
Console.WriteLine($"IdTok: {ComputeSha256Hash(result.IdToken)}, Exp: {result.ExpiresOn}");
Thread.Sleep(1000 * 60 * 2);
}
}
private static async Task<AuthenticationResult> GetToken()
{
var accounts = app.GetAccountsAsync().GetAwaiter().GetResult();
if (accounts == null || accounts.Count() == 0)
{
var result = app
.AcquireTokenByUsernamePassword(new string[] { "email", "openid"/*, "aza"*/, "allatclaims", "profile" }, "TESTUSER", ConvertToSecureString("TESTPASS"))
.ExecuteAsync().GetAwaiter().GetResult();
accounts = app.GetAccountsAsync().GetAwaiter().GetResult();
}
var cachedResult = app.AcquireTokenSilent(new string[] { "email", "openid"/*, "aza"*/, "allatclaims", "profile" }, accounts.FirstOrDefault()).ExecuteAsync().GetAwaiter().GetResult();
return cachedResult;
}
static void Main(字符串[]args)
{
app=PublicClientApplicationBuilder.Create(“客户端ID”)
//.WithAuthority(AzureCloudInstance.AzurePublic,租户ID)
.WithAdfsAuthority(“ADFS_URI”,false)
//.WithExtraQueryParameters(新字典{{“forceRefresh”,“true”})
.Build();
while(true)
{
var result=GetToken().GetAwaiter().GetResult();
WriteLine($“IdTok:{ComputeSha256Hash(result.IdToken)},Exp:{result.ExpiresOn}”);
线程睡眠(1000*60*2);
}
}
私有静态异步任务
后续响应仅包括新的IDToken
直到RefreshToken被拒绝