Last post Mar 08, 2017 09:20 AM by Zhi Lv - MSFT
Mar 03, 2017 02:01 PM|sushilchaurasia|LINK
I had developed Owin Authentication in my project. I use Refresh token Id Globally for each user to grant access token.
Whenever user logs in it generate access token against given refreshTokenId and send response back to user.
when I try to refresh accessToken it calls "ReceiveAsync" method of "RefreshTokenProvider" where I Deserialize the token using following code context.DeserializeTicket(refreshToken.ProtectedTicket);
after execution of this method it calls "GrantRefreshToken" of "AuthorizationServerProvider" where it creates new accesstoken and this token is attached with refresh token and send back to user.
it works fine if I try to refresh token before AccessToken gets expired.
But When AccessToken gets expired and I try to refresh token it calls "ReceiveAsync" method of "RefreshTokenProvider" and deserialize token but after this method execution completion it did not calls "GrantRefreshToken" of "AuthorizationServerProvider".
Note : I had set refreshtoken expiry date to null so that it will never expired but accessToken expiry time is 20 min.
any help would be appreciated.
Mar 06, 2017 06:29 AM|Zhi Lv - MSFT|LINK
I suggest you could refer to the following links to get access token using refresh token:
Mar 06, 2017 09:28 AM|sushilchaurasia|LINK
First of all thanks for your reply.
I had already visited these links and one more thing to add while implementation I had taken reference from one of links given by you here
and as I mentioned it works properly when I try to refresh accessToken which is not expired but when I try to refresh those accessTokens which are expired then it fails and does not propogate after "ReceiveAsync" method of "RefreshTokenProvider".
and I think this is because in "ReceiveAsync" I am calling
while refreshToken.PreviousTicket is the accessToken which has been already expired.
Can you please help me how can I use this even though my accessToken has been expired.
Mar 08, 2017 09:20 AM|Zhi Lv - MSFT|LINK
I suggest you check the code in the refresh Token Generator function.
We should make sure Serialize the Access Token ticket and set to Refresh Token’s Protected Ticket
after reset the Access Token’s issued date and expire date, it’s very important.
It should be like this:
var refreshToken = new RefreshToken()
Id = refreshTokenId,
ClientId = new Guid(clientId),
UserName = context.Ticket.Identity.Name
IssuedUtc = DateTime.UtcNow,
ExpiresUtc = DateTime.UtcNow.AddSeconds(Convert.ToDouble(refreshTokenLifeTime)),
context.Ticket.Properties.IssuedUtc = refreshToken.IssuedUtc;
context.Ticket.Properties.ExpiresUtc = refreshToken.ExpiresUtc;
refreshToken.ProtectedTicket = context.SerializeTicket();
If still not working, I suggest you post the relevant code.