actframework / act-aaa-plugin

Use OSGL aaa library to mange Authentication/Authorization/Accounting for ActFramework Application
Apache License 2.0

Could AAA support refresh token #41

Open leeaee opened 5 years ago

leeaee commented 5 years ago

Act-aaa now returns a token, and when a request is made to the act service, the service responds with a new token in the response header. Could act-aaa support returning an access_token and a refresh_token after login? Then the client could get a new token by expire time instead of updating the header access token every time.

The response for access_token and refresh_token could look like this:

{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoxLCJ1c2VyX25hbWUiOiJ1c2VyIiwic2NvcGUiOlsicmVhZCIsIndyaXRlIl0sImV4cCI6MTU2NzA4MDAzMCwiYXV0aG9yaXRpZXMiOlsiUk9MRV9VU0VSIl0sImp0aSI6ImE3NjBmZWJmLTZkNGEtNGRjMy04NTk4LTQwOTA2YmZkZTI1YyIsImNsaWVudF9pZCI6ImNsaWVudElkIn0.JfB2bx28nlIyCYT0rGgcFn61krFwZdEon6h5rLqqEqu9nHrfxSGVw_TneYxSj25yPM5IunHe5cv3gQPHpvEMW_d9M_yjNSlLtSvmdWz26Yc44AyQAW-hIR-SdXKS76xKNvCxtmE1yqJOupar7-nr0M1zkDFfeu7bM7svlpPWYJZj0nR6z0glG5N8PZR8uj-ci6iODazBcIc597mgHenx_qx1_x72FXCcJZh9DsXHz6jIi4B9AHJIlxN0fj12CNZGgUjNQAS_M4IC-Cu70Wq5s8CmD43y0zbqb3GZP63dYxdBSE3vhsvqI6NeSKjjOXIwm5jPmh4WkChQeDgIu7HcxA",
  "token_type": "bearer",
  "refresh_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoxLCJ1c2VyX25hbWUiOiJ1c2VyIiwic2NvcGUiOlsicmVhZCIsIndyaXRlIl0sImF0aSI6ImE3NjBmZWJmLTZkNGEtNGRjMy04NTk4LTQwOTA2YmZkZTI1YyIsImV4cCI6MTU2NzA4MTIzMCwiYXV0aG9yaXRpZXMiOlsiUk9MRV9VU0VSIl0sImp0aSI6ImU2NDllOGEyLWFiY2YtNDFkYy1iNjRkLTIwNGMyZWIwNjYxYSIsImNsaWVudF9pZCI6ImNsaWVudElkIn0.l8E39nLcGdXAjlmVbaLEXXUaQTSP70DIR4nREjfdoTe6ZWo-UdXvjKzjbaS7fF_VweKZ7U1bxog1iNJFAiqtfaRDjSdZZY0USZXIg8wCBhyPOH8URkYi2WIKzAjlCRATNFQaeLR5NAvlmEYkZx8Gj-T5Q2E1DhO14nGKokiaW5R158Oi1fbUc0eQUs8YomBxFEXG8SEJ6jTF3tJklfkKMv5dp60E_Ere6FCXeuFb3_2D5LNdBT3l7cUPrmrC62vvg2wdz0SQtUOi-z5HaKoR-0eik3Ety0Xmd73J1pUs-SCxyxn_WZSiBJj5ZArHqZsEheU-c-X3f4IQlbZZtRJdRg",
  "expires_in": 599,
  "scope": "read write",
  "user_id": 1,
  "jti": "a760febf-6d4a-4dc3-8598-40906bfde25c"
}
greenlaw110 commented 4 years ago

@leeaee

Session token expiration is always the same as the session cookie expiration, which is specified by the session.ttl configuration.

You can also let actframework export a header specifying the session expiration time by

session.outputExpiration=true

In which case you have a new header Act-Session-Expires (which can be changed via header.session.expiration) indicating the expiration time of the token:

You don't need a specific refresh_token endpoint; simply replace your token with the latest response to any request before the expiration time.
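The sliding-token approach described in the reply above (keep the token from the latest response, read the expiration header, and make sure a request happens before the token lapses) can be implemented on the client side in a few dozen lines. The following is an added example written for this page; it is not act-aaa's or actframework's own code. It assumes the default header name Act-Session-Expires from the comment, and it assumes two things the page does not state: the name of the response header that carries the session token (TOKEN_HEADER below is a placeholder) and the format of the expiry header (treated here as an integer epoch timestamp in seconds or milliseconds). The simulated responses are constructed for the example.

```python
"""Client-side sliding session token, as described in the maintainer's reply.

Added example: not act-aaa code. Header names and the expiry format are
assumptions (see comments); the sample responses are constructed.
"""
import time
from dataclasses import dataclass
from typing import Dict, Mapping, Optional

EXPIRES_HEADER = "Act-Session-Expires"        # default name given in the comment above
TOKEN_HEADER = "X-Session-Token-PLACEHOLDER"  # ASSUMPTION: page does not name this header


class SessionExpired(Exception):
    """Raised when the client would otherwise send a token that is already stale."""


def parse_expiry(value: str) -> float:
    """Parse the expiry header into epoch seconds.

    ASSUMPTION: the header carries an integer epoch timestamp; values above
    10**11 are taken to be milliseconds. The page does not show the format.
    """
    raw = int(value.strip())
    return raw / 1000.0 if raw > 10 ** 11 else float(raw)


@dataclass
class SlidingSession:
    token: Optional[str] = None
    expires_at: Optional[float] = None
    rotations: int = 0  # how many distinct tokens we have held

    def update_from_response(self, headers: Mapping[str, str]) -> bool:
        """Replace the stored token with the one in the latest response.

        Header lookup is case-insensitive. A response without the token header
        leaves the current state untouched and returns False.
        """
        lower = {k.lower(): v for k, v in headers.items()}
        new_token = lower.get(TOKEN_HEADER.lower())
        if not new_token:
            return False
        if new_token != self.token:
            self.rotations += 1
        self.token = new_token
        exp = lower.get(EXPIRES_HEADER.lower())
        if exp is not None:
            self.expires_at = parse_expiry(exp)
        return True

    def seconds_left(self, now: Optional[float] = None) -> Optional[float]:
        if self.expires_at is None:
            return None
        return self.expires_at - (time.time() if now is None else now)

    def should_refresh(self, now: Optional[float] = None, margin: float = 60.0) -> bool:
        """True while the token is still valid but will lapse within `margin` seconds.

        The caller then issues any request (a cheap one will do) to obtain a fresh
        token from its response, which is the refresh mechanism the reply describes.
        """
        left = self.seconds_left(now)
        return left is not None and 0 < left <= margin

    def auth_headers(self, now: Optional[float] = None) -> Dict[str, str]:
        """Headers for the next request; refuses to send a token known to be expired.

        ASSUMPTION: the token is sent as a bearer token; the page does not say.
        """
        left = self.seconds_left(now)
        if self.token is None or (left is not None and left <= 0):
            raise SessionExpired("no valid session token; log in again")
        return {"Authorization": "Bearer " + self.token}


def simulate_exchange() -> Dict[str, object]:
    """Drive the session through constructed responses with a fixed clock."""
    t0 = 1_700_000_000.0  # constructed clock value
    s = SlidingSession()
    out: Dict[str, object] = {}
    # Login response: first token, expires 600 s from now (constructed).
    s.update_from_response({TOKEN_HEADER: "tok-1", EXPIRES_HEADER: str(int(t0 + 600))})
    out["after_login"] = (s.token, s.seconds_left(t0), s.should_refresh(t0))
    # A response with no token header must not clobber what we hold.
    out["ignored"] = s.update_from_response({"Content-Type": "application/json"})
    # 50 s before expiry the client should send a request to pick up a new token.
    out["near_expiry"] = s.should_refresh(t0 + 550)
    # That request's response rotates the token; expiry sent in milliseconds here.
    s.update_from_response({TOKEN_HEADER.lower(): "tok-2",
                            EXPIRES_HEADER: str(int((t0 + 1200) * 1000))})
    out["after_rotate"] = (s.token, s.expires_at, s.rotations)
    out["auth"] = s.auth_headers(t0 + 700)
    # Once the expiry has passed the stale token is never sent.
    try:
        s.auth_headers(t0 + 1300)
        out["expired_raised"] = False
    except SessionExpired:
        out["expired_raised"] = True
    return out


if __name__ == "__main__":
    for key, value in simulate_exchange().items():
        print(key, value)
```

The refresh margin is the one tuning knob: it should exceed the worst-case round trip plus clock skew between client and server, otherwise a request issued "just in time" may arrive after the server has already dropped the session.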