helloxielan 2014-06-11 07:07 采纳率: 0%
浏览 46


I have a web api that uses OWIN Authentication in my ASP.NET WebAPI and I need to implement refresh token.

When users login, API sends a Access_Token, Expiry_Date(3 mins) and Refresh_token to client.

Then the tokens are saved in the client localStorage.

I know that the use of refresh_token is to get new access_token if the access_token is expired.

Now my problem is When to do this?

Do i need to check if the client still has a valid/un-expired access_token EVERY TIME i request for a data in the Web API? And if the access_token is expired, i need to request a new access_token right?

For example:

  1. Client (Mobile hybrid app) request for data in api/orders (Web API).
  2. The client detected that the access_token he uses is expired base on the Expiry_Date that was saved in the localStorage.
  3. I need to "STOP" the request, get new access_token using refresh_token and then request the api/orders again. Basically doing THREE requests simultaneously? Seems to me a bit in efficient.

Or get the user to login again? I mean every 3 minutes the user needs to login? Which defeats the purpose of this.

Any idea how to handle it?

In this sample ajax request below, can someone have idea handle this?

      type: 'GET',
      url: WEB_API_URL,
      data: data,
      dataType: 'json',
      beforeSend: function(xhr) {
         // need to check if the accessToken is expired
         xhr.setRequestHeader("Authorization", "Bearer " + accessToken);
  • 写回答

1条回答 默认 最新

  • weixin_33690963 2014-06-11 07:35

    You should first get the tokens from your datastore. Check if they are valid for the next few seconds also. You don't want to run into a failed authorization because your request is delayed by something.

    If the token is going to expire soon, use your refresh token to get new access token.

    Then send your request to the Web Api.

    In short;

    1. Get token from datastore.
    2. Check if token is valid.
    3. If not valid, get new token.
    4. Send request to Web Api.

    I have no experience with Ajax, but with this flow you should be able to handle your request with a maximum of 2 request to your api.




    • ¥80 关于海信电视聚好看安装应用的问题
    • ¥15 vue引入sdk后的回调问题
    • ¥15 求一个智能家居控制的代码
    • ¥15 ad软件 pcb布线pcb规则约束编辑器where the object matpcb布线pcb规则约束编辑器where the object matchs怎么没有+15v只有no net
    • ¥15 虚拟机vmnet8 nat模式可以ping通主机,主机也能ping通虚拟机,但是vmnet8一直未识别怎么解决,其次诊断结果就是默认网关不可用
    • ¥20 求各位能用我能理解的话回答超级简单的一些问题
    • ¥15 yolov5双目识别输出坐标代码报错
    • ¥15 这个代码有什么语法错误
    • ¥15 给予STM32按键中断与串口通信
    • ¥15 使用QT实现can通信