運行應用程序需要使用來自OIDC的刷新令牌(keycloak)來獲取訪問資源的授權。但似乎返回的RefreshToken似乎已過期或泄漏。Keycloak刷新令牌未授權的asp.net內核
問題是我可以登錄到應用程序並調用RefreshToken並傳入我的同步網關方法,但響應總是401無效。
不確定如何進一步調試。或者有什麼方法可以嘗試刷新RefreshToken。
查看下面的代碼。 [startup.cs]
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationScheme = "Cookies",
AutomaticAuthenticate = true,
ExpireTimeSpan = TimeSpan.FromMinutes(60)
});
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
var oidcOptions = new OpenIdConnectOptions
{
AuthenticationScheme = "oidc",
SignInScheme = "Cookies",
Authority = Configuration["keycloak:authority"],
RequireHttpsMetadata = bool.Parse(Configuration["keycloak:httpMetadata"]),
PostLogoutRedirectUri = Configuration["keycloak:logoutUri"],
ClientId = Configuration["keycloak:clientId"],
ClientSecret = Configuration["keycloak:clientSecret"],
ResponseType = OpenIdConnectResponseType.Code,
GetClaimsFromUserInfoEndpoint = true,
SaveTokens = true,
CallbackPath = "/signin-oidc",
};
oidcOptions.Scope.Clear();
oidcOptions.Scope.Add("openid");
app.UseOpenIdConnectAuthentication(oidcOptions);
方法調用RefreshToken
[HttpGet("getRec/{id}")]
public async Task<object> GetFileById(string id)
{
var refreshToken = await HttpContext.Authentication.GetTokenAsync("refresh_token");
//var authenticateInfo = await HttpContext.Authentication.GetAuthenticateInfoAsync("oidc");
//var refreshToken = authenticateInfo.Properties.Items[".Token.refresh_token"];
var token = HttpContext.Authentication.GetAuthenticateInfoAsync("refresh_token");
var val = await AppBal.GetFileById(refreshToken, id);
return val.Properties["files"];
}