refresh-token

问题 I have created a service for calling API from my angular application. In that service, I have declared ROOT_URL and TOKEN variables and assigned values for these. Below the declaration, there are few get methods to API using the above ROOT_URL and TOKEN. Issue i am facing is, this TOKEN value is expired every 24 hours so that i have to change the value everyday. I use the previous TOKEN to get a refresh token using postman. Can some one give me a solution how can i implement this will happen

问题 SEE Below for code that solved this issue I'm trying to find the best and most efficient way to deal with a refresh token that has expired within ASP.NET Core 2.1. Let me explain a bit more. I am using OAUTH2 and OIDC to request Authorization Code grant flows (or Hybrid flow with OIDC). This flow/grant type gives me access to an AccessToken, and a RefreshToken (Authorization Code as well, but that is not for this question). The access token and refresh token are stored by ASP.NET core, and

问题 I'm trying to get IdentityServer4 to work but unfortunately no luck. I'll explain the issue in more detail. I'm using IdentityServer4 and also .NET core Identity. I have a .net core mvc application which has login page. You basically login with username and password. When you login I need to generate jwt token I'm doing this using the following code: [HttpGet] public async Task<IActionResult> GetClientToken(string clientId, string clientSecret, string grantType, string scope, string username,

问题 I've followed Quickstart Hybrid Flow here but I need some help and advices about saving tokens after using refresh token. If I say true, the option SaveTokens allows to save tokens in cookies. Firstly, is it a good idea to store access and refresh tokens in a cookie (concerns about security) ? Other question, I retrieve correctly refresh token via the code var refreshToken = await HttpContext.GetTokenAsync("refresh_token"); but now, when I get the new access token, how can I store it (no

问题 I'm using Nuxt-axios module with the proxy. For Error handling, I have common code in Plugins/axios.js export default function({ $axios, __isRetryRequest, store, app, redirect , payload , next}) { $axios.onRequest(config => { if (app.$cookies.get('at') && app.$cookies.get('rt') && config.url != '/post_login/') { config.headers.common['Authorization'] = `Bearer ${app.$cookies.get('at')}`; } }); $axios.onResponseError(err => { const code = parseInt(err.response && err.response.status) let

问题 I'm using JWTs for authenticating users for my app. When a user logs in they are given an access token and a refresh token. To keep the refresh token safe, I don't store it on the client-side, but save it on the back-end with their account so it's not easy to access. I'm confused about the security of refresh tokens though, here's the logic that I'm understanding when I read online resources on how to use refresh tokens: authenticate store access token + refresh token somewhere (in my case,

问题 I'm using JWTs for authenticating users for my app. When a user logs in they are given an access token and a refresh token. To keep the refresh token safe, I don't store it on the client-side, but save it on the back-end with their account so it's not easy to access. I'm confused about the security of refresh tokens though, here's the logic that I'm understanding when I read online resources on how to use refresh tokens: authenticate store access token + refresh token somewhere (in my case,

问题 After successfully authenticating, I want to refresh my authorization token, so I issue the following request curl -X POST \ https://login.microsoftonline.com/<my-tenant>/oauth2/v2.0/token \ -H 'Cache-Control: no-cache' \ -H 'Content-Type: application/x-www-form-urlencoded' \ -F grant_type=refresh_token \ -F refresh_token=<my-refresh-token> \ -F client_id=<my-client-id> \ -F client_secret=<my-client-secret> However, instead of returning with a new token, I get the following response: { "error

问题 I have a situation: Step 1: Obtained access token (grant_type=password) (A1) and also a refresh token.(RT1) Step 2: Accessed resource (R) using the token (A1) - Success Step 3:Revoked user access role for Resource R. Step 4: Obtained access token (grant_type=password) (A2) and also a refresh token.(RT2) Step 5: Accessed resource (R) using the token (A2) - Failed till here all fine.now comes the unexpected part. Step 6: Obtained new access token (grant_type=refresh_token) using RT2.

问题 I'm using googleapis package from node to get refresh token and access token from auth code passed from front-end but every time I get the following error. { error: 'redirect_uri_mismatch', error_description: 'Bad Request' } I know this error comes up when we mismatch URL passed as a callback URL in the console. https://console.cloud.google.com/apis/credentials but I've already set up the correct URL in the console. still not sure what's the problem with the code. Using /auth to pass the