处理刷新令牌

I have a web api that uses OWIN Authentication in my ASP.NET WebAPI and I need to implement refresh token.

When users login, API sends a Access_Token, Expiry_Date(3 mins) and Refresh_token to client.

Then the tokens are saved in the client localStorage.

I know that the use of refresh_token is to get new access_token if the access_token is expired.

Now my problem is When to do this?

Do i need to check if the client still has a valid/un-expired access_token EVERY TIME i request for a data in the Web API? And if the access_token is expired, i need to request a new access_token right?

For example:

Client (Mobile hybrid app) request for data in api/orders (Web API).
The client detected that the access_token he uses is expired base on the Expiry_Date that was saved in the localStorage.
I need to "STOP" the request, get new access_token using refresh_token and then request the api/orders again. Basically doing THREE requests simultaneously? Seems to me a bit in efficient.

Or get the user to login again? I mean every 3 minutes the user needs to login? Which defeats the purpose of this.

Any idea how to handle it?

In this sample ajax request below, can someone have idea handle this?

$.ajax({
      type: 'GET',
      url: WEB_API_URL,
      data: data,
      dataType: 'json',
      beforeSend: function(xhr) {
         // need to check if the accessToken is expired
         xhr.setRequestHeader("Authorization", "Bearer " + accessToken);
       },
   }).

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
weixin_33690963 2014-06-11 07:35
关注
You should first get the tokens from your datastore. Check if they are valid for the next few seconds also. You don't want to run into a failed authorization because your request is delayed by something.

If the token is going to expire soon, use your refresh token to get new access token.

Then send your request to the Web Api.

In short;

1. Get token from datastore. 2. Check if token is valid. 3. If not valid, get new token. 4. Send request to Web Api.

I have no experience with Ajax, but with this flow you should be able to handle your request with a maximum of 2 request to your api.
解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

oauth2如何处理刷新令牌 php
2013-07-23 04:17

回答 1 已采纳 Here is my experience when implementing the oAuth library and api using this library. If you are
当访问令牌在GO中过期时，如何使用Google刷新令牌？
2018-10-15 22:16

回答 1 已采纳 oauth2.Config has a function which can automatically refreshes the token. updatedToken, err := co
使用PHP的Google Drive API - 刷新令牌获取消息'刷新令牌的问题必须传入或设置为setAccessToken的一部分' php
2018-09-18 23:55

回答 1 已采纳 Finally the token refresh works, I had to add this line $client->setAccessType("offline"); in o
如何实现刷新令牌功能前端
2020-10-11 06:33

weixin_26714477的博客它假定API已准备好进行刷新令牌，并且将指导您如何实现前端方面。 THE PROBLEM 问题 The defacto way for building applications is to authenticate your users then when the backend invalidates their token ...
Spotify的OAuth无法使用curl获取刷新令牌 php
2016-01-31 05:44

回答 2 已采纳 The reason I was receiving a bad response is because I needed: curl_setopt($ch, CURLOPT_SSL_VERI
无法从google api OAuth2刷新令牌 php
2015-06-08 12:00

回答 1 已采纳 The refresh_token is not returned by default in Google OAuth2. The request for an authorization c
Google PHP SDK - 无法获取刷新令牌 php
2015-06-15 15:09

回答 2 已采纳 First check the settings in the developer console of Google to see if your RedirectUri is the same
刷新令牌--refresh token
2024-05-29 18:55

travel_wsy的博客刷新令牌token
Google Adwords API。如何使用PHP库刷新令牌 php
2015-12-22 20:24

回答 1 已采纳 { "error" : "unauthorized_client" } This error means that a different google application client_
尝试使用谷歌PHP API的刷新令牌 php
2015-08-23 12:58

回答 1 已采纳 The error in Notice: Undefined property: stdClass::$refresh_token in C:\xampp\htdocs\trial\log-in
Google API：每次运行时获取刷新/访问令牌 php
2017-06-19 19:00

回答 1 已采纳 When you are saving access token, save refresh token too (in authorization code exchange) then, u
在 ASP.NET Core Web API 中应用 JWT 访问令牌和刷新令牌
2024-07-24 08:01

dotNET跨平台的博客本文将指导你在 ASP.NET Core Web API 中实现 JWT 访问令牌和刷新令牌。为什么要使用 JWT？JWT 令牌是紧凑的 URL 安全令牌，易于在各方之间转移。它们是自包含的，这意味着它们自身内部携带信息，从而减少了对服务器...
无法刷新令牌，因为用户已更改 - Syfmony 4 - LDAP php symfony
2019-08-09 16:17

回答 1 已采纳 This issue has been fixed in symfony 4.4, in symfony/src/Symfony/Component/Ldap/Security/LdapUser
前端怎样处理Token的问题
2022-08-19 21:45

Mr.指尖舞者的博客在axios的每个请求发起前进行拦截，根据expires_in判断token是否过期，如果过期则会刷新后再继续请求接口优点：请求前拦截处理，能节省请求次数缺点：后端需要提供Token过期时间字段（例如：expires_in），并且...
token 过期刷新令牌_签发的用户认证token超时刷新策略
2020-12-24 19:07

weixin_39974811的博客签发的用户认证token超时刷新策略这个模块分离至项目api权限管理系统与前后端分离实践，感觉那样太长了找不到重点，分离出来要好点。对于登录的用户签发其对应的jwt，我们在jwt设置他的固定有效期时间，在有效期内...
没有解决我的问题, 去提问

悬赏问题

¥30 Matlab打开默认名称带有/的光谱数据
¥50 easyExcel模板动态单元格合并列
¥15 res.rows如何取值使用
¥15 在odoo17开发环境中，怎么实现库存管理系统，或独立模块设计与AGV小车对接？开发方面应如何设计和开发？请详细解释MES或WMS在与AGV小车对接时需完成的设计和开发
¥15 CSP算法实现EEG特征提取，哪一步错了？
¥15 游戏盾如何溯源服务器真实ip?需要30个字。后面的字是凑数的
¥15 vue3前端取消收藏的不会引用collectId
¥15 delphi7 HMAC_SHA256方式加密
¥15 关于#qt#的问题：我想实现qcustomplot完成坐标轴
¥15 下列c语言代码为何输出了多余的空格

处理刷新令牌

1条回答 默认 最新

悬赏问题

1条回答默认最新