Identity Server 4 /connect/token returns 400 Bad Request when using grant_type:refresh_token

Question

I'm using Identity Server 4 as the Identity Provider for an Angular SPA. The application authenticates and authorizes fine, however, randomly we encounter an issue where the logged user is suddenly kicked out, well within the token lifetime. When we inspect the network logs, we realized that the /connect/token endpoint with the grant_type: refresh_token returns a 400. So my assumption is that when the application tries to get a new token using the refresh token, the operation fails.

Following are the client details for the FE application:

  [AllowOfflineAccess] = true
  [IdentityTokenLifetime] = 300,
  [AccessTokenLifetime] = 3600,
  [RefreshTokenUsage] = true,
  [AbsoluteRefreshTokenLifetime] = 2592000,
  [SlidingRefreshTokenLifetime] = 1296000,
  [RefreshTokenExpiration] = true

Like I said, this behavior is random, so we can't pinpoint why it's happening.

Any thoughts?

Attached a screenshot of the network log showing the error: [screenshot: Identity Server 4 /connect/token returns 400 Bad Request when using grant_type:refresh_token]

Answer 1

Score: 1

Could it be that one of the cookies involved expires? Or that there are duplicate requests for the refresh token (if you use one-time refresh tokens)? If so, you might get logged out.

If you see duplicate requests, that depends on how and what library (if any) you use to request new access tokens.

The other option, if you can't solve it, is to disable one-time refresh tokens in IdentityServer (RefreshTokenUsage). See https://docs.duendesoftware.com/identityserver/v6/tokens/refresh/
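
The duplicate-request failure mentioned in the answer, as an added example that is not part of the original answer or of IdentityServer's code: a constructed in-memory stand-in for /connect/token with one-time refresh tokens, and a client that either sends each refresh independently or shares one in-flight refresh between callers. All names (`makeTokenEndpoint`, `makeClient`, `simulate`) and token values are hypothetical; `invalid_grant` is the standard OAuth 2.0 error code for a rejected refresh token.

```javascript
// Constructed stand-in for /connect/token with one-time refresh tokens:
// a refresh token is accepted once, then replaced by a new one.
function makeTokenEndpoint(initialRefreshToken) {
  let valid = initialRefreshToken;
  let counter = 0;
  return async function tokenEndpoint(refreshToken) {
    await new Promise((resolve) => setTimeout(resolve, 5)); // simulated latency
    if (refreshToken !== valid) {
      return { status: 400, body: { error: "invalid_grant" } };
    }
    counter += 1;
    valid = `rt-${counter}`;
    return { status: 200, body: { access_token: `at-${counter}`, refresh_token: valid } };
  };
}

// Hypothetical client. With singleFlight enabled, concurrent callers await
// the same pending refresh instead of each spending the refresh token.
function makeClient(tokenEndpoint, refreshToken, { singleFlight }) {
  let inFlight = null;
  async function doRefresh() {
    const res = await tokenEndpoint(refreshToken);
    if (res.status !== 200) throw new Error(res.body.error);
    refreshToken = res.body.refresh_token; // store the rotated token
    return res.body.access_token;
  }
  return {
    refresh() {
      if (!singleFlight) return doRefresh();
      if (!inFlight) {
        inFlight = doRefresh().finally(() => { inFlight = null; });
      }
      return inFlight;
    },
  };
}

// Two parts of the SPA (for example a timer and an HTTP interceptor)
// ask for a new access token at the same moment.
async function simulate(singleFlight) {
  const endpoint = makeTokenEndpoint("rt-0");
  const client = makeClient(endpoint, "rt-0", { singleFlight });
  const results = await Promise.allSettled([client.refresh(), client.refresh()]);
  return results.map((r) => (r.status === "fulfilled" ? r.value : r.reason.message));
}

simulate(false).then((r) => console.log("independent refreshes:", r));
simulate(true).then((r) => console.log("single-flight refresh:", r));
```

In a real SPA the same race can also occur across browser tabs that share token storage, which an in-memory guard like this one does not cover.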

huangapple
  • Published on May 29, 2023, 20:31:19
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76357404.html