2017-06-01 194 views
0

I am using Active Directory users to access our application (I created an application and registered it in AD), but I cannot get a refresh token from the token response. Azure Active Directory token + refresh token

In Startup.cs I define the OpenID Connect options:

    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        SlidingExpiration = true
    });

    app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            ClientId = ApiConstants.AAD_WebClientId,
            Authority = Authority,
            TokenValidationParameters = new TokenValidationParameters { SaveSigninToken = true },
            Notifications = new OpenIdConnectAuthenticationNotifications()
            {
                RedirectToIdentityProvider = context =>
                {
                    if (context.ProtocolMessage.RequestType == OpenIdConnectRequestType.AuthenticationRequest)
                    {
                        // ensure https before redirecting to Azure
                        if (!context.Request.IsSecure)
                        {
                            context.Response.Redirect(
                                $"https://{context.Request.Uri.Authority}{context.Request.Uri.AbsolutePath}");
                            context.HandleResponse();
                            return Task.FromResult(0);
                        }
                    }

                    return Task.FromResult(0);
                },

                // If there is a code in the OpenID Connect response,
                // redeem it for an access token and refresh token, and store those away.
                AuthorizationCodeReceived = OnAuthorizationCodeReceived,
                AuthenticationFailed = OnAuthenticationFailed
            }
        });

My OnAuthorizationCodeReceived method is:

    private async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedNotification context)
    {
        var code = context.Code;

        ClientCredential credential = new ClientCredential(ApiConstants.AAD_WebClientId, ApiConstants.AAD_CertWeb);
        AuthenticationContext authContext = new AuthenticationContext(Authority);

        // If you create the redirectUri this way, it will contain a trailing slash.
        // Make sure you've registered the same exact Uri in the Azure Portal (including the slash).
        var builder = new UriBuilder(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path));
        builder.Scheme = "https";
        if (builder.Uri.IsDefaultPort)
        {
            builder.Port = -1;
        }
        //n.AuthenticationTicket.Properties.RedirectUri = builder.ToString();

        // this doesn't return a refresh token???
        AuthenticationResult result =
            await authContext.AcquireTokenByAuthorizationCodeAsync(code, builder.Uri, credential,
                ApiConstants.AAD_Audience);
    }

The problem is that the returned token does not have a refresh token, nor does it slide, so we are logged out every hour. Is there something I can turn on in Active Directory or in my application to receive a refresh token?

Or am I receiving a refresh token but the AuthenticationResult class does not expose this property to me?
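The pattern ADAL .NET 3.x expects, as an added example that is not the asker's code: AuthenticationResult does not expose the refresh token; ADAL keeps it in the TokenCache passed to AuthenticationContext, and AcquireTokenSilentAsync redeems it server-side when the access token expires, so the refresh token never has to be handed to the application or the browser. PerUserTokenCache, TokenFlow, the in-memory dictionary and the authority/credential/resource parameters are assumptions standing in for the asker's own values and store.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Microsoft.Owin.Security.Notifications;

// Hypothetical per-user, server-side ADAL cache. The dictionary stands in for a real
// store (session, SQL, Redis); the refresh token stays on the server either way.
public class PerUserTokenCache : TokenCache
{
    private static readonly ConcurrentDictionary<string, byte[]> Store = new ConcurrentDictionary<string, byte[]>();
    private readonly string _key;

    public PerUserTokenCache(string userObjectId)
    {
        _key = userObjectId; // key the cache by the AAD object id so users cannot share entries
        BeforeAccess = args => { if (Store.TryGetValue(_key, out var blob)) Deserialize(blob); };
        AfterAccess = args => { if (HasStateChanged) { Store[_key] = Serialize(); HasStateChanged = false; } };
    }
}

public static class TokenFlow
{
    private const string ObjectIdClaim = "http://schemas.microsoft.com/identity/claims/objectidentifier";

    // Redeem the code with a cache attached: ADAL stores access AND refresh token for this user.
    public static async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedNotification context,
        string authority, ClientCredential credential, string resource, Uri redirectUri)
    {
        string userObjectId = context.AuthenticationTicket.Identity.FindFirst(ObjectIdClaim).Value;
        var authContext = new AuthenticationContext(authority, new PerUserTokenCache(userObjectId));
        await authContext.AcquireTokenByAuthorizationCodeAsync(context.Code, redirectUri, credential, resource);
    }

    // Later requests: returns the cached access token, or uses the cached refresh token to get a new one.
    public static async Task<string> GetAccessTokenAsync(ClaimsPrincipal user,
        string authority, ClientCredential credential, string resource)
    {
        string userObjectId = user.FindFirst(ObjectIdClaim).Value;
        var authContext = new AuthenticationContext(authority, new PerUserTokenCache(userObjectId));
        try
        {
            var userId = new UserIdentifier(userObjectId, UserIdentifierType.UniqueId);
            AuthenticationResult result = await authContext.AcquireTokenSilentAsync(resource, credential, userId);
            return result.AccessToken;
        }
        catch (AdalSilentTokenAcquisitionException)
        {
            return null; // no usable refresh token (expired or revoked): send the user through sign-in again
        }
    }
}
```

A null from GetAccessTokenAsync is the signal to challenge the user interactively; catching it there keeps the expired-token case from surfacing as an hourly forced logout.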

Answer