Using ADFS OAuth Refresh Token

穿精又带淫゛_ submitted on 2019-12-19 04:04:03

Question


I have ADFS3 OAuth2 configured to return Refresh Tokens:

PS> Set-AdfsRelyingPartyTrust -TargetName "RPT Name" -IssueOAuthRefreshTokensTo AllDevices
PS> Set-AdfsRelyingPartyTrust -TargetName "RPT Name" -TokenLifetime 10
PS> Set-AdfsProperties -SSOLifetime 480

Here the Access Token lasts for 10 minutes and the Refresh Token lasts for 480 minutes.

I then generate an Access Token by GETing:

https://myadfsdomain/adfs/oauth2/authorize
    ?response_type=code
    &client_id=MYCLIENTID
    &redirect_uri=https://myserver/callback
    &resource=MYRelyingPartyId

and POSTing the responseCode, e.g.:

$http({method: "post", 
       headers: {'Content-Type': 'application/x-www-form-urlencoded'}, 
       url: "https://myadfsdomain/adfs/oauth2/token", 
       data: "client_id=MYCLIENTID&code=" + responseCode + "&redirect_uri=https://myserver/callback&grant_type=authorization_code"  })

The response has the Access Token, type, Expire Time and Refresh Token:

{"access_token":"blah...",
 "token_type":"bearer",
 "expires_in":600,
 "refresh_token":"blahblah..."}

Great. The Access Token is now valid for however long it has been configured for (10 minutes here).

Question is, once that time has expired, how do we use the refresh_token to get another Access Token? I.e.:

  • What is the URL?
  • Do we POST?
  • What param names do we use to POST the refresh_token?

Answer 1:


The refresh token grant type is also executed against the token endpoint that you used to exchange the Authorization Code at. You should use POST according to the RFC: https://tools.ietf.org/html/rfc6749#section-6 and provide at least the parameters grant_type and refresh_token. An example, based on the one from the RFC:

POST /adfs/oauth2/token HTTP/1.1
Host: myadfsdomain
Content-Type: application/x-www-form-urlencoded

grant_type=refresh_token&refresh_token=<blahblah...>


Source: https://stackoverflow.com/questions/42079767/using-adfs-oauth-refresh-token
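
The refresh request described in the answer, as an added example that is not part of the original question or answer: it builds the POST body, decides when the 10-minute access token is due for renewal, and folds the token endpoint's reply (including an `invalid_grant` error) into stored state. The function names, the 60-second skew and the inclusion of `client_id` are assumptions; the token values are constructed placeholders.

```javascript
// Added example: refresh-token grant (RFC 6749 section 6) against the ADFS token endpoint.
// Assumed, not from the page: function names, the 60 s skew, and sending client_id.

// Build the POST. The refresh token travels only in the form body, never in the URL.
function buildRefreshRequest(tokenUrl, clientId, refreshToken) {
  const body = new URLSearchParams({
    grant_type: "refresh_token",
    refresh_token: refreshToken, // URL-encoded by URLSearchParams
    client_id: clientId, // assumption: same client id as in the code exchange
  });
  return {
    method: "POST",
    url: tokenUrl,
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: body.toString(),
  };
}

// True once the access token is within skewSec of its expiry.
function needsRefresh(state, nowMs, skewSec = 60) {
  return nowMs >= state.expiresAtMs - skewSec * 1000;
}

// Fold a token-endpoint response into the stored token state.
function applyTokenResponse(state, status, json, nowMs) {
  if (status !== 200 || !json.access_token) {
    // invalid_grant: refresh token expired or revoked, so the user must sign in again.
    const reauth = json.error === "invalid_grant";
    return { ...state, accessToken: null, expiresAtMs: 0,
             refreshToken: reauth ? null : state.refreshToken,
             error: json.error || "unexpected_response", reauth };
  }
  return {
    accessToken: json.access_token,
    expiresAtMs: nowMs + json.expires_in * 1000,
    // A new refresh token is optional in the reply; replace the old one only if sent.
    refreshToken: json.refresh_token || state.refreshToken,
    error: null,
    reauth: false,
  };
}

// Constructed sample run (placeholder values, not real tokens).
const t0 = 1000000;
const first = applyTokenResponse({}, 200,
  { access_token: "AT1", token_type: "bearer", expires_in: 600, refresh_token: "RT1+/=" }, t0);
const req = buildRefreshRequest("https://myadfsdomain/adfs/oauth2/token", "MYCLIENTID", first.refreshToken);
console.log(req.body, needsRefresh(first, t0 + 541000));
```

When `reauth` is true the stored refresh token has been discarded and the client has to restart the authorization code flow.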
