robisim74 / AngularSPAWebAPI

Angular Single Page Application with an ASP.NET Core Web API that uses token authentication
MIT License
231 stars 59 forks source link

Refresh token #2

Closed quanterion closed 8 years ago

quanterion commented 8 years ago

Thank you for great sample! It is interesting to know how it is possible to implement refresh_token to use short-lived access tokens and update them using refresh_tokens, that can be revoked

robisim74 commented 8 years ago

Hi,

you can use the grant type of IdentityServer: Refresh tokens.

For revocation, you must instead use the revocation endpoint: http://localhost:5000/connect/revocation.

However, if I have time in the next few days, I'll try to integrate it in the application as an option, or I will insert it in a note.

Greetings

robisim74 commented 8 years ago

Hi,

I've added the support for refresh token. Now a refresh token is returned with the access token, and using the getNewToken method of AuthenticationService class you can request a new access token for the user at the desired time. I've also added methods to revoke token. For more details see the explanation.

Greetings

quanterion commented 8 years ago

Thank you for great addition!