Reputation: 113
OWIN OAuth 2.0 Authorization Server Refresh Token
I run this sample application:
http://www.asp.net/aspnet/overview/owin-and-katana/owin-oauth-20-authorization-server
Downloaded from:
http://code.msdn.microsoft.com/OWIN-OAuth-20-Authorization-ba2b8783
In the AuthorizationServer project Startup.Auth.cs file, I added
AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(1),
inside
app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions {
So that the token will expire after 1 minute.
After 1 minute and the token expired, I try to refresh the token, it gives me the error
The remote server returned an error: (400) Bad Request.
My questions is:
Is it possible to refresh the token if the token expire? Or how about automatically refresh the expired token if the user tries to access Protected Resource?
Upvotes: 1
Views: 1427
Answers (1)
Reputation: 750
By default, OWIN rejects refresh token if related authentication token expired already. Here is example, how you can override this behavior:
public class RefreshTokenProvider : IAuthenticationTokenProvider
{
public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
{
var ticket = LoadAuthenticationTicketFromDatabase();
context.DeserializeTicket(ticket);
context.Ticket.Properties.ExpiresUtc = DateTime.MaxValue;
}
}
Upvotes: 2
Related Questions
- How to make Owin automatically use refresh token when access token expires
- Salesforce Refresh Token OAuth
- Is it possible to renew the access token in OWIN
- Expiration of refresh tokens Microsoft.Owin
- OAuth2 refresh token utility
- OWIN Security - How to Implement OAuth2 Refresh Tokens
- How to update Owin access tokens with refresh tokens without creating new refresh token?
- Refresh Token usage
- Explicitly getting access token and refresh token in OWIN Authorization Server?
- Asp.net OWIN Identity refresh tokens and token expiration