Identity Server 4 /connect/token return 400 Bad Request when using grant_type:refresh_token
Question
I'm using Identity Server 4 as the Identity Provider for an Angular SPA. The application authenticates and authorizes fine, however, randomly we encounter an issue where the logged user is suddenly kicked out, well within the token lifetime. When we inspect the network logs, we realized that the /connect/token endpoint with the grant_type: refresh_token returns a 400. So my assumption is that when the application tries to get a new token using the refresh token, the operation fails.
Following are the client details for the FE application:
[AllowOfflineAccess] = true
[IdentityTokenLifetime] = 300,
[AccessTokenLifetime] = 3600,
[RefreshTokenUsage] = true,
[AbsoluteRefreshTokenLifetime] = 2592000,
[SlidingRefreshTokenLifetime] = 1296000,
[RefreshTokenExpiration] = true
Like I said, this behavior is random, so we can't pinpoint why it's happening.
Any thoughts?
Attached a screenshot of the network log showing the error:
Answer 1
Score: 1
Could it be that one of the cookies involved expires? Or that there are duplicate requests for the refresh token (if you use one-time refresh tokens)? If so, you might get logged out.
If you see duplicate requests, that depends on how and what library (if any) you use to request new access tokens.
The other option, if you can't solve it, is to disable one-time refresh tokens in IdentityServer (RefreshTokenUsage). See https://docs.duendesoftware.com/identityserver/v6/tokens/refresh/
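The duplicate-request case raised in this answer, as an added example (not code from the original post or from IdentityServer): a constructed in-memory stand-in for /connect/token that accepts each refresh token once, and a hypothetical client wrapper that lets concurrent callers share one in-flight refresh. All function names here are assumptions.

```javascript
// Constructed stand-in for /connect/token with one-time refresh tokens:
// a refresh token is accepted once, then replaced by a new one.
function makeTokenEndpoint(initialRefreshToken) {
  let valid = initialRefreshToken;
  let issued = 0;
  const statuses = []; // HTTP status of every request, in arrival order
  async function post(refreshToken) {
    if (refreshToken !== valid) {
      statuses.push(400);
      return { status: 400, body: { error: "invalid_grant" } };
    }
    issued += 1;
    valid = `rt-${issued}`; // rotation: the presented token is now dead
    statuses.push(200);
    return { status: 200, body: { access_token: `at-${issued}`, refresh_token: valid } };
  }
  return { post, statuses };
}

// Hypothetical client. With singleFlight=false every caller sends its own
// request; with singleFlight=true concurrent callers share one promise.
function makeClient(endpoint, refreshToken, singleFlight) {
  let inFlight = null;
  async function doRefresh() {
    const res = await endpoint.post(refreshToken); // token held at call time
    if (res.status !== 200) throw new Error(res.body.error);
    refreshToken = res.body.refresh_token; // stored only after the response
    return res.body.access_token;
  }
  function refresh() {
    if (!singleFlight) return doRefresh();
    if (!inFlight) inFlight = doRefresh().finally(() => { inFlight = null; });
    return inFlight;
  }
  return { refresh };
}

// Two callers (say an HTTP interceptor and a timer) refresh at the same moment.
function simulate(singleFlight) {
  const endpoint = makeTokenEndpoint("rt-0");
  const client = makeClient(endpoint, "rt-0", singleFlight);
  const calls = [client.refresh(), client.refresh()];
  return { statuses: endpoint.statuses, settled: Promise.allSettled(calls) };
}

for (const mode of [false, true]) {
  const { statuses, settled } = simulate(mode);
  settled.then(() => console.log(`singleFlight=${mode}: statuses ${statuses.join(",")}`));
}
```

Sharing the promise in memory only covers callers inside one tab; several tabs holding the same refresh token would need a shared lock to get the same effect.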