Reputation: 3335
We are implementing IdentityServer4 and trying to figure out why we are not getting a refresh token. Using the provided examples, I am trying to make sure I get a refresh token, at least on my local machine. So far no luck.
The client is configured like so:
new Client
{
    ClientId = "client",
    AllowedGrantTypes = GrantTypes.ClientCredentials,
    ClientSecrets = { new Secret("secret".Sha256()) },
    AllowedScopes = { "api1" },
    AllowOfflineAccess = true,
    AccessTokenLifetime = 60,
    IdentityTokenLifetime = 60
},
The test program that's using the client looks like this:
/* CLIENT AUTHENTICATION WITH A KNOWN SECRET */
var tokenClient = new TokenClient(disco.TokenEndpoint, "client", "secret");
var tokenResponse = await tokenClient.RequestClientCredentialsAsync("api1");
if (tokenResponse.IsError)
{
    Console.WriteLine("TOKEN ERROR:\r\n" + tokenResponse.Error);
    return;
}
Console.WriteLine(tokenResponse.Json);

using (var client = new HttpClient())
{
    client.SetBearerToken(tokenResponse.AccessToken);
    var numberOfSeconds = 10;
    // Keep calling the API with the same access token for up to 600 seconds
    while (numberOfSeconds < 600)
    {
        Console.WriteLine($"slept for {numberOfSeconds}");
        Thread.Sleep(10 * 1000);
        var response = await client.GetAsync("http://localhost:52801/api/identity");
        if (!response.IsSuccessStatusCode)
        {
            // Expected once the token has expired: the API rejects the bearer token
            Console.WriteLine("API ERROR:\r\n" + response.StatusCode);
            break;
        }
        else
        {
            var content = await response.Content.ReadAsStringAsync();
            Console.WriteLine("API RESPONSE:\r\n" + JArray.Parse(content));
        }
        numberOfSeconds += 10;
    }
}
The token when printed out looks like this:
{
    "access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjRkMTJiNjI2MmNmODA0ODBmOTU1YTJhNmEyMDE1MzJlIiwidHlwIjoiSldUIn0.eyJuYmYiOjE1Mzk4MjQyOTcsImV4cCI6MTUzOTgyNDM1NywiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAwIiwiYXVkIjpbImh0dHA6Ly9sb2NhbGhvc3Q6NTAwMC9yZXNvdXJjZXMiLCJhcGkxIl0sImNsaWVudF9pZCI6ImNsaWVudCIsInNjb3BlIjpbImFwaTEiXX0.SjBbzIgNfhZ7K_BfrP6tRR71_VDRyxbUWdm0_7TEO8Tof_BnXpxMipjeNylVenzEl8rzC5UlkajQpGmKsmPiBKB16QOgkYJjIMitOrjJ0xG-HzgbfW9umxh-mvYMk8aJj2uFYCX6DEs9XsH0Y9U5R4Qxx3zCwkq8SMtwM4uN3mEJPu_zu7CUp0R7bAmsyjwxvx_s1BkjdGRdwOJ1JaobYqFx800oI5Q19wpWfCoYRAm9fQVBLAh7oJK07iNg037KSam9sAHiLCMh-JsRSHE3alLSEHNAQbMWTVJDD5s5ssjDS6XZFuVkGGL1Ezb8wpJkgdA2z_g6h9zHK9pTt3exmw",
    "expires_in": 60,
    "token_type": "Bearer"
}
360 seconds into using it, the access token expires and there is no refresh token to go and get another access token. Is there something obvious I am missing?
Upvotes: 3
Views: 8486
Reputation: 1584
You are using the Client Credentials grant type, therefore you don't need a Refresh Token to request another Access Token, as your client (application) is trusted.
Refresh Tokens are only required with grant types that require user interaction, and are used to avoid having to go back to the user to obtain their credentials.
See http://docs.identityserver.io/en/latest/topics/refresh_tokens.html:
Refresh tokens are supported for the following flows: authorization code, hybrid and resource owner password credential flow. The client needs to be explicitly authorized to request refresh tokens by setting AllowOfflineAccess to true.
Upvotes: 7
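To make the answer concrete, here is an added example (not from the question, the answer, or IdentityServer4 itself) of what a client-credentials client should do instead of looking for a refresh token: cache the access token, and when it is about to expire, authenticate again with the client secret to get a fresh one. It is written in Python rather than the question's C# so it runs stand-alone; the token endpoint is a constructed stand-in (fake_token_endpoint) that behaves the way the answer describes: it validates client id and secret, issues a short-lived token with expires_in, never returns a refresh_token, and refuses a refresh_token grant from a client that is only allowed client_credentials. The client id, secret, scope and 60-second lifetime are taken from the question; the token body is unsigned and purely illustrative.

```python
import base64
import json
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

# Constructed client registry, mirroring the question's Client configuration.
# This stands in for the token endpoint's client store; it is not IdentityServer4 code.
CLIENTS = {
    "client": {
        "secret": "secret",
        "grant_types": {"client_credentials"},
        "scopes": {"api1"},
        "lifetime": 60,  # AccessTokenLifetime from the question
    },
}


def fake_token_endpoint(form: Dict[str, str], now: float) -> Dict:
    """Constructed stand-in for a token endpoint handling a client-credentials client.
    Validates the client, issues a short-lived access token and, as the answer explains,
    never includes a refresh_token for this grant type."""
    client = CLIENTS.get(form.get("client_id", ""))
    if client is None or client["secret"] != form.get("client_secret"):
        return {"error": "invalid_client"}
    if form.get("grant_type") not in client["grant_types"]:
        # A client-credentials-only client asking for grant_type=refresh_token lands here.
        return {"error": "unauthorized_client"}
    scope = form.get("scope", "")
    if not set(scope.split()) <= client["scopes"]:
        return {"error": "invalid_scope"}
    payload = {"client_id": form["client_id"], "scope": scope.split(),
               "exp": int(now) + client["lifetime"]}
    # Unsigned, base64url-encoded body: enough to look like a token for this example.
    token = base64.urlsafe_b64encode(json.dumps(payload).encode()).decode().rstrip("=")
    return {"access_token": token, "expires_in": client["lifetime"], "token_type": "Bearer"}


@dataclass
class ClientCredentialsTokenSource:
    """Caches an access token and re-requests one shortly before it expires.
    There is no refresh token in this flow: the client simply presents its secret again."""
    token_endpoint: Callable[[Dict[str, str], float], Dict]
    client_id: str
    client_secret: str
    scope: str
    clock: Callable[[], float] = time.time
    skew: int = 5  # re-request this many seconds before expiry to avoid a rejected call
    _token: Optional[str] = field(default=None, init=False)
    _expires_at: float = field(default=0.0, init=False)
    requests_made: int = field(default=0, init=False)

    def access_token(self) -> str:
        now = self.clock()
        if self._token is None or now >= self._expires_at - self.skew:
            resp = self.token_endpoint({
                "grant_type": "client_credentials",
                "client_id": self.client_id,
                "client_secret": self.client_secret,
                "scope": self.scope,
            }, now)
            self.requests_made += 1
            if "error" in resp:
                raise RuntimeError(f"token error: {resp['error']}")
            assert "refresh_token" not in resp  # never issued for client credentials
            self._token = resp["access_token"]
            self._expires_at = now + resp["expires_in"]
        return self._token


def simulate(total_seconds: int = 600, step: int = 10) -> int:
    """Drive the token source over the same 600-second window as the question's loop,
    using a fake clock, and return how many times the token endpoint was called."""
    fake_now = [1_539_824_297.0]  # constructed epoch (the nbf of the posted token)
    src = ClientCredentialsTokenSource(fake_token_endpoint, "client", "secret", "api1",
                                       clock=lambda: fake_now[0])
    for _ in range(0, total_seconds, step):
        src.access_token()  # each API call asks the source for a currently valid token
        fake_now[0] += step
    return src.requests_made


if __name__ == "__main__":
    print("token endpoint calls over 600 s with a 60 s lifetime:", simulate())
```

With a 60-second lifetime and a 5-second skew the source goes back to the token endpoint ten times over the 600-second window, which is the intended behaviour: every API call still carries a valid bearer token, and no refresh token is involved at any point.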