问题
To grant or revoke access to my webapis, I use OAuth password- and tokenrefreshworkflow.
If I understand everything correctly the workflow should be something like this:
- Authenticate with username / password / client id
- Retrieve accestoken, refreshtoken and expire date
- Start timeout in client to refresh your token after expired token time
- Go on with bullet 2 -> and so on..
The progress above works fine so far. My problem is, that I don't get the expire time out of the users principle after the authentication request. So if I work with stateles webclients, I need to renew my token every request to retrieve a new expire date, even if the users token is valid :/
What I want is something like a /api/session/information service, that provides general information about the current session of an authenticated user.
How do I retrieve my expire date =)
[HttpGet]
[ActionName("information")]
public HttpResponseMessage Information(BaseRequest request)
{
var p = Request.GetRequestContext().Principal;
/* here i need help =) */
}
回答1:
Your access token (JWT?) should contain an expiry claim. In JWT it is "exp", which shows the number of seconds since 1970-1-1. In javascript you can get a date from this like this:
new Date(<exp> * 1000);
In .Net / C# you would be able to do the same:
var epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
return epoch.AddSeconds(<exp>);
Is that what you are looking for? Otherwise let me know. Happy to help :-)
回答2:
Just to expand on Henrik N.'s answer a little. If you're in C# then you can use JWTSecurityTokenHandler within System.IdentityModel.Tokens.Jwt (Nuget: Install-Package System.IdentityModel.Tokens.Jwt) to read the token and the resulting JwtSecurityToken object gives you some handy properties, one of which is ValidTo which converts the exp claim into a DateTime object for you E.g.:
var tokenString = GetTokenString(); // Arbitrary method to get the token
var handler = new JwtSecurityTokenHandler();
var token = handler.ReadToken(tokenString) as JwtSecurityToken;
var tokenExpiryDate = token.ValidTo;
// If there is no valid `exp` claim then `ValidTo` returns DateTime.MinValue
if(tokenExpiryDate == DateTime.MinValue) throw new Exception("Could not get exp claim from token");
// If the token is in the past then you can't use it
if(tokenExpiryDate < DateTime.UtcNow) throw new Exception($"Token expired on: {tokenExpiryDate}");
// Token is valid
来源:https://stackoverflow.com/questions/22829879/get-expire-time-of-oauth-session