Closed ngohungphuc closed 6 years ago
Hey,
https://github.com/openiddict/openiddict-core/issues/462 should put you on the right track.
So you mean that I can only have 1 refresh_token. What if token expired again ?
By default, OpenIddict will now issue a single refresh token and manage its lifetime dynamically by extending its expiration date every time it's used in a refresh token request. This refresh token is not automatically revoked and can be used until it expires.
ok so that mean i can store the refresh_token in my local storage and use it for multi refresh request right ?
Yes.
Thank for your confirmation
HI @ngohungphuc , @PinpointTownes Could you please help or share me on openiddict related sample in ASP.NET Core 2.2 as per below scenario
@ajithkumarrai
For OpenIddict refresh token flow, see https://github.com/openiddict/openiddict-samples/tree/dev/samples/RefreshFlow.
Unfortunately, there's no official sample without EF integration, but there's only one real different from the samples, you should create your own models and storages, see OpenIddict.EntityFrameworkCore, OpenIddict.EntityFrameworkCore.Models, OpenIddict.MongoDb, and OpenIddict.MongoDb.Models for that.
Hi
@ajithkumarrai
For OpenIddict refresh token flow, see https://github.com/openiddict/openiddict-samples/tree/dev/samples/RefreshFlow.
Unfortunately, there's no official sample without EF integration, but there's only one real different from the samples, you should create your own models and storages, see OpenIddict.EntityFrameworkCore, OpenIddict.EntityFrameworkCore.Models, OpenIddict.MongoDb, and OpenIddict.MongoDb.Models for that.
242 and #328 may helps.
Thanks you for reply In attached files i crated sample by following https://github.com/openiddict/openiddict-samples/tree/dev/samples/RefreshFlow this link, but while generating token(in password type response) it is not giving refresh_token attribute in response.
we are using Enterprise NoSQL otherthan MongoDb and we don't want to maintain storage for refresh tokens.
Could you please check attached files (with out EF or storage i am able to generate token but in response no refresh token)
@ajithkumarrai
but while generating token(in password type response) it is not giving refresh_token attribute in response.
offline_access
scope should be add to your request for refresh_token
,
@ajithkumarrai You can check my code here https://github.com/SaiGonSoftware/Awesome-CMS-Core/
do we need to maintain refresh token in db ?
Even after following sample not getting refresh token added scope like this
ticket.SetScopes(new[] { OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.Email, OpenIdConnectConstants.Scopes.Profile, OpenIdConnectConstants.Scopes.OfflineAccess, OpenIddictConstants.Scopes.Roles }.Intersect(oidcRequest.GetScopes()));
@ajithkumarrai I save refresh token in localstorage but you can save to db. It's just personal preference
It means we need to store refresh token, it will not be handled by openiddict automatically like ASOS ? we don't have sql or mongodb we are using Marklogic and also we don't want to save tokens in db could you please guide me on this.
Local storage means : client script side right ? but before only i am not getting refresh token as per above screen shot.
In this above screen when i was requesting for token(password type) i am not receiving refresh token
It means we need to store refresh token, it will not be handled by openiddict automatically like ASOS ? we don't have sql or mongodb we are using Marklogic and also we don't want to save tokens in db could you please guide me on this.
Local storage means : client script side right ? but before only i am not getting refresh token as per above screen shot.
In this above screen when i was requesting for token(password type) i am not receiving refresh token @ajithkumarrai: You need to set the scope as openid offline_access in your request. Read more here: https://kevinchalet.com/2016/07/13/creating-your-own-openid-connect-server-with-asos-testing-your-authorization-server-with-postman/
Hi @PinpointTownes I have the problem with the refresh flow. The refresh flow doesn't return refresh_token
Here is my author controller https://github.com/Awesome-CMS-Core/Awesome-CMS-Core/blob/ACC-login-redirect/src/AwesomeCMSCore/Modules/AwesomeCMSCore.Modules.Account/Controllers/API/AuthorizationController.cs
And my start up code https://github.com/Awesome-CMS-Core/Awesome-CMS-Core/blob/ACC-login-redirect/src/AwesomeCMSCore/AwesomeCMSCore/Extension/ServiceCollectionExtensions.cs#L170-L254
Am I missing something ?