手动创建时,Asp.Net刷新令牌“ invalid_grant”

问题描述 投票:0回答:1

我正在从接收googleIdToken(GoogleAuth)的端点在ASP.NET中生成访问令牌。访问令牌已成功生成并且可以正常工作,我可以使用它毫无问题地向我的API发出请求。当我尝试从同一端点生成刷新令牌时,就会出现问题。我可以看到刷新令牌已添加到数据库,但是当我尝试使用刷新令牌获取新的访问令牌时,它将返回“ invalid_grant”。

调试中,我发现ApplicationOAuthProvider中的GrantRefreshToken方法未在检索刷新令牌后执行。

这是创建访问和刷新令牌的方式:

我的端点:

        [System.Web.Http.HttpPost]
        [System.Web.Http.AllowAnonymous]
        public async Task<IHttpActionResult> GenerateEHSTokenFromGAuth(ExternalSignInRequest request){
                //gets user info from google
                var tokenInfo = await GoogleJsonWebSignature.ValidateAsync(request.TokenId);

                //Some logic to match google user to my users table.

                // Generate AuthTicket
                var oAuthIdentity = await user.GenerateUserIdentityAsync(_userManager, OAuthDefaults.AuthenticationType);
                var formData = GetRequestInfo(request);
                var ticket = await _authService.CreateAuthTicket(oAuthIdentity, formData);
                var token = _authService.CreateToken(ticket);

                var cookiesIdentity = await user.GenerateUserIdentityAsync(_userManager, CookieAuthenticationDefaults.AuthenticationType);
                AuthenticationManager.SignIn(cookiesIdentity);

                //Create refresh token
                Microsoft.Owin.Security.Infrastructure.AuthenticationTokenCreateContext context =
                    new Microsoft.Owin.Security.Infrastructure.AuthenticationTokenCreateContext(
                        HttpContext.Current.GetOwinContext(),
                        Startup.OAuthOptions.AccessTokenFormat, ticket);

                await Startup.OAuthOptions.RefreshTokenProvider.CreateAsync(context);
                var refreshToken = context.Token;

                var accessTokenExpiration = ((DateTimeOffset)ticket.Properties.ExpiresUtc).Subtract((DateTimeOffset)ticket.Properties.IssuedUtc).TotalSeconds;

                ticket.Properties.Dictionary.Add("refresh_token", refreshToken);
                ticket.Properties.Dictionary.Add("access_token", token);
                ticket.Properties.Dictionary.Add("expires_in", accessTokenExpiration.ToString());
                ticket.Properties.Dictionary.Add("token_type", "bearer");

                context.SerializeTicket();

                return Ok(ticket.Properties.Dictionary);
        }

RefreshTokenProvider:

public async Task CreateAsync(AuthenticationTokenCreateContext context)
        {
            var username = context.Ticket.Identity.Name;
            var unit = (IUnitOfWork)DependencyResolver.Current.GetService(typeof(IUnitOfWork));
            var refreshTokenLifeTime = ConfigurationManager.AppSettings["RefreshLifetimeMinutes"];
            var aspnetRefreshTokenId = Guid.NewGuid();
            var data = await context.Request.ReadFormAsync();
            var userName = context.Ticket.Identity.Name;

            var token = new AspNetRefreshToken()
            {
                AspNetRefreshTokenId = aspnetRefreshTokenId,
                UserName = userName,
                IssuedTime = DateTime.UtcNow,
                DeviceSource = GetDeviceSource(),
                ExpiredTime = DateTime.UtcNow.AddMinutes(Convert.ToDouble(refreshTokenLifeTime))
            };

            token.ProtectedTicket = context.SerializeTicket();

            //Remove old refresh tokens
            var tokensToRemove = unit.AspNetRefreshTokenRepository.Get()
                .Where(x => (x.DeviceSource == deviceSource || x.DeviceSource == null) && x.UserName == userName || x.ExpiredTime < DateTime.UtcNow);

            foreach (var tokenToRemove in tokensToRemove)
                unit.AspNetRefreshTokenRepository.Remove(tokenToRemove.AspNetRefreshTokenId);

            unit.AspNetRefreshTokenRepository.Add(token);
            context.SetToken(aspnetRefreshTokenId.ToString());
            unit.Save();
        }

这是当我尝试使用刷新令牌获取访问令牌时调用的方法。我可以看到令牌是从数据库中检索到的,但是执行此方法后,执行结束,并且我收到invalid_grant消息。

public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
        {
            var unit = (IUnitOfWork)DependencyResolver.Current.GetService(typeof(IUnitOfWork));
            var data = await context.Request.ReadFormAsync();
            var deviceSource = data.Get("device_source");

            Guid tokenId = Guid.Empty;
            var validGuid = Guid.TryParse(context.Token, out tokenId);

            if (!validGuid)
                return;

            var token = unit.AspNetRefreshTokenRepository.Get()
                .FirstOrDefault(x => x.AspNetRefreshTokenId == tokenId && x.DeviceSource == deviceSource);

            if (token == null)
                return;

            context.DeserializeTicket(token.ProtectedTicket);
            unit.AspNetRefreshTokenRepository.Remove(new Guid(context.Token));
            unit.Save();
        }
asp.net owin
1个回答
0
投票

嗯,问题是我在使用错误的TokenFomat创建上下文。如果需要为刷新令牌创建上下文,则需要为该上下文提供RefreshTokenFormat。

所以代替

Microsoft.Owin.Security.Infrastructure.AuthenticationTokenCreateContext context =
                new Microsoft.Owin.Security.Infrastructure.AuthenticationTokenCreateContext(
                    HttpContext.Current.GetOwinContext(),
                    Startup.OAuthOptions.AccessTokenFormat, ticket);

执行:

Microsoft.Owin.Security.Infrastructure.AuthenticationTokenCreateContext context =
                new Microsoft.Owin.Security.Infrastructure.AuthenticationTokenCreateContext(
                    HttpContext.Current.GetOwinContext(),
                    Startup.OAuthOptions.RefreshTokenFormat, ticket);

这将执行GrantRefreshToken,在其中创建新的访问令牌。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.