helloxielan 2014-06-11 07:07 Acceptance rate: 0%
Views: 46

Handling refresh tokens

I have a web API that uses OWIN Authentication in my ASP.NET WebAPI and I need to implement a refresh token.

When users log in, the API sends an Access_Token, Expiry_Date (3 mins) and Refresh_token to the client.

Then the tokens are saved in the client localStorage.

I know that the use of refresh_token is to get new access_token if the access_token is expired.

Now my problem is: when to do this?

Do I need to check if the client still has a valid/unexpired access_token EVERY TIME I request data from the Web API? And if the access_token is expired, I need to request a new access_token, right?

For example:

  1. Client (mobile hybrid app) requests data from api/orders (Web API).
  2. The client detects that the access_token it uses is expired, based on the Expiry_Date that was saved in localStorage.
  3. I need to "STOP" the request, get a new access_token using the refresh_token and then request api/orders again. Basically doing THREE requests simultaneously? Seems to me a bit inefficient.

Or get the user to log in again? I mean, every 3 minutes the user needs to log in? Which defeats the purpose of this.

Any idea how to handle it?

In the sample ajax request below, does someone have an idea how to handle this?

$.ajax({
    type: 'GET',
    url: WEB_API_URL,
    data: data,
    dataType: 'json',
    beforeSend: function(xhr) {
        // need to check if the accessToken is expired
        xhr.setRequestHeader("Authorization", "Bearer " + accessToken);
    }
});

1 answer

  • weixin_33690963 2014-06-11 07:35

    You should first get the tokens from your datastore. Check if they are valid for the next few seconds also. You don't want to run into a failed authorization because your request is delayed by something.

    If the token is going to expire soon, use your refresh token to get a new access token.

    Then send your request to the Web Api.

    In short:

    1. Get token from datastore.
    2. Check if token is valid.
    3. If not valid, get new token.
    4. Send request to Web Api.
    

    I have no experience with Ajax, but with this flow you should be able to handle your request with a maximum of 2 requests to your api.

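The flow from the answer above (load the token, check it with a safety margin, refresh if needed, then send), as an added example that is not part of the original question or answer. `TokenManager`, `store`, `refreshFn` and `send` are hypothetical names standing in for the client's storage, its call to the token endpoint and its API call; concurrent callers share one refresh, and a 401 triggers a single forced refresh and retry.

```javascript
// Added example (hypothetical names): client-side access-token handling.
const SKEW_MS = 30 * 1000; // treat a token expiring within 30 s as already expired

class TokenManager {
  // store:     { load(), save(tokens) } with tokens = { accessToken, refreshToken, expiresAt }
  // refreshFn: (refreshToken) => Promise<tokens>, i.e. the call to the token endpoint
  // now:       injectable clock in milliseconds (Date.now by default)
  constructor(store, refreshFn, now = Date.now) {
    this.store = store;
    this.refreshFn = refreshFn;
    this.now = now;
    this.inflight = null; // shared promise while a refresh is running
  }

  // True only if the token stays valid beyond the safety margin.
  isFresh(tokens) {
    return Boolean(tokens) && tokens.expiresAt - this.now() > SKEW_MS;
  }

  // Returns a promise for a usable access token, refreshing at most once
  // even when several requests ask at the same moment.
  getAccessToken(force = false) {
    const tokens = this.store.load();
    if (!tokens) return Promise.reject(new Error('not logged in'));
    if (!force && this.isFresh(tokens)) return Promise.resolve(tokens.accessToken);
    if (!this.inflight) {
      this.inflight = this.refreshFn(tokens.refreshToken)
        .then((fresh) => {
          this.store.save(fresh); // also stores a rotated refresh token
          return fresh.accessToken;
        })
        .finally(() => { this.inflight = null; });
    }
    return this.inflight;
  }

  // send: (accessToken) => Promise<{ status, ... }>, the actual API request.
  // A 401 (token rejected server-side despite the local check) forces one
  // refresh and one retry; a second 401 is returned to the caller.
  async request(send) {
    let res = await send(await this.getAccessToken());
    if (res.status === 401) res = await send(await this.getAccessToken(true));
    return res;
  }
}
```

In the common case this costs one request; only when the token is near expiry or rejected does the refresh add a second round trip.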
