各個模式的accesstoken續期詳解

一些預備知識

jwt的時間格式

轉換爲時間能夠用js,

new Date(1531841745*1000)
==>Tue Jul 17 2018 23:35:45 GMT+0800 (中國標準時間)

關於Refresh token

refreshtoken僅僅在hybrid, authorization和ResourceOwnPassword三種模式中支持

一般在IdentityServer中,

若是客戶端是.net程序, 咱們使用hybrid和ResourceOwnPassword受權

若是客戶端是純js程序, 那麼使用implicit受權.

須要加上offline_access的scope權限, 才能夠拿到refresh_token

參考https://stackoverflow.com/questions/42162769/identity-server-4-angular-2-token-expiration

5down voteaccepted

I can recommend the library for managing token for the javascript application:https://github.com/IdentityModel/oidc-client-js

You've correctly used the implicit flow for SPA - here is the description about which flow is right one - https://leastprivilege.com/2016/01/17/which-openid-connectoauth-2-o-flow-is-the-right-one/

Oidc-client provides great feature called automaticSilentRenew - check the docs. There is the timer on the background and handle an event before token expiration and using hidden iframe for getting new access token.(看起來好像是這個js框架會自動使用iframe在受權到期的時候本身去idsv刷新token)

Example for Angular2 and oidc-client: https://github.com/jmurphzyo/Angular2OidcClient

Video with overview for authentication and authorization in JavaScript web applications using IdentityServer - https://vimeo.com/131636653

實戰一, mvc客戶端使用ResourceOwnPassword, 如何管理accesstoken續期

實戰二, js客戶端的續期

實戰三, mvc客戶端使用hybrid, 如何管理續期

參考http://www.javashuo.com/article/p-nufsmosr-e.html