一些预备知识
jwt的时间格式
转换为时间可以用js,
new Date(1531841745*1000)
==>Tue Jul 17 2018 23:35:45 GMT+0800 (中国标准时间)
关于Refresh token
refreshtoken仅仅在hybrid, authorization和ResourceOwnPassword三种模式中支持
通常在IdentityServer中,
如果客户端是.net程序, 我们使用hybrid和ResourceOwnPassword授权
如果客户端是纯js程序, 那么使用implicit授权.
需要加上offline_access的scope权限, 才可以拿到refresh_token
参考https://stackoverflow.com/questions/42162769/identity-server-4-angular-2-token-expiration
5down voteaccepted
I can recommend the library for managing token for the javascript application:https://github.com/IdentityModel/oidc-client-js
You've correctly used the implicit flow for SPA - here is the description about which flow is right one - https://leastprivilege.com/2016/01/17/which-openid-connectoauth-2-o-flow-is-the-right-one/
Oidc-clientprovides great feature calledautomaticSilentRenew- check the docs. There is the timer on the background and handle an event before token expiration and using hidden iframe for getting new access token.(看起来好像是这个js框架会自动使用iframe在授权到期的时候自己去idsv刷新token)Example for
Angular2andoidc-client: https://github.com/jmurphzyo/Angular2OidcClientVideo with overview for authentication and authorization in JavaScript web applications using IdentityServer - https://vimeo.com/131636653
实战一, mvc客户端使用ResourceOwnPassword, 如何管理accesstoken续期
实战二, js客户端的续期
实战三, mvc客户端使用hybrid, 如何管理续期