Authentication configuration:

    // Fragment of Startup.ConfigureServices. Requires the namespaces
    // Microsoft.AspNetCore.Authentication.Cookies, Microsoft.AspNetCore.Authentication.OpenIdConnect,
    // Microsoft.IdentityModel.Tokens and IdentityModel (for JwtClaimTypes).
    // Authority, ClientId, ClientSecret and Scopes are fields of the surrounding class.
    services.AddAuthentication(options =>
    {
        // The cookie is the local session; OIDC is only used to challenge (log in).
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
    {
        // Map the JWT "name" and "role" claims so User.Identity.Name and [Authorize(Roles = ...)] work
        options.TokenValidationParameters = new TokenValidationParameters
        {
            NameClaimType = JwtClaimTypes.Name,
            RoleClaimType = JwtClaimTypes.Role,
        };
        options.SignedOutRedirectUri = "/Home";
        options.SignedOutCallbackPath = "/Account/SignOutCallback";
        options.Authority = Authority;
        options.ClientId = ClientId;
        options.ClientSecret = ClientSecret;
        // Authorization code flow (confidential client, secret sent to the token endpoint)
        options.ResponseType = "code";
        // Scopes is "Api.Scope", "offline_access"; offline_access is what yields a refresh token
        foreach (var scope in Scopes)
        {
            options.Scope.Add(scope);
        }
        // Store access_token, refresh_token, id_token and expires_at in the authentication cookie
        options.SaveTokens = true;
    });
This configuration redirects to the IdentityServer login when using the Authorize attribute in a controller.
The access token:

    // Extension method from Microsoft.AspNetCore.Authentication; returns the token stored
    // in the cookie ticket because SaveTokens = true.
    var accessToken = await _contextAccessor.HttpContext.GetTokenAsync("access_token");
The client Access Token Lifetime is configured to 120 for test purposes, so the token expires in 2 minutes.
The client application is an MVC web application, and I use the External Login method to authenticate the user via AD, because in order to call the API I need all user information (roles and claims), following this method from the documentation: https://docs.duendesoftware.com/identityserver/v5/quickstarts/2_interactive/
Now the question is: how to refresh the access token when it expires?
This works for IdentityServer 4 code flow.
In IdentityServer config, add
AllowOfflineAccess = true, and IdentityServerConstants.StandardScopes.OfflineAccess to allowed scopes. In client-side OIDC authentication, after adding
options.Scope.Add("offline_access"); Then you could see the refresh token by
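One way to do the refresh itself in the MVC client, as an added example that is not code from the question, the answer or the Duende quickstart. It assumes the client configuration shown in the question (SaveTokens = true, "offline_access" among Scopes, a confidential client with ClientSecret, AllowOfflineAccess enabled on the IdentityServer side as the answer says) and the IdentityModel NuGet package the question already uses for JwtClaimTypes. The names TokenRefresher, OidcClientSettings and GetValidAccessTokenAsync and the 30-second skew are my own choices, not a framework API.

```csharp
// Added example (not from the question, the answer or the Duende quickstart): refresh the
// access token that SaveTokens = true stored in the authentication cookie. Assumes the OIDC
// setup from the question (offline_access scope, confidential client with ClientSecret) and
// the IdentityModel package it already uses. TokenRefresher/OidcClientSettings are hypothetical names.
using System;
using System.Globalization;
using System.Net.Http;
using System.Threading.Tasks;
using IdentityModel.Client;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging;

// Same values as options.Authority / ClientId / ClientSecret in the question's configuration.
public record OidcClientSettings(string Authority, string ClientId, string ClientSecret);

public class TokenRefresher
{
    // Refresh a little early so a token that is valid when read does not expire mid-request.
    private static readonly TimeSpan Skew = TimeSpan.FromSeconds(30);
    private readonly HttpClient _http;
    private readonly OidcClientSettings _settings;
    private readonly ILogger<TokenRefresher> _logger;

    // Register with services.AddHttpClient<TokenRefresher>() and a singleton OidcClientSettings.
    public TokenRefresher(HttpClient http, OidcClientSettings settings, ILogger<TokenRefresher> logger)
    {
        _http = http; _settings = settings; _logger = logger;
    }

    // Returns an access token valid for at least Skew, using the refresh_token grant when the
    // stored one is expired. Returns null when the user must log in again; the caller should
    // then ChallengeAsync() (the question's [Authorize] flow) instead of calling the API.
    public async Task<string> GetValidAccessTokenAsync(HttpContext httpContext)
    {
        var auth = await httpContext.AuthenticateAsync(CookieAuthenticationDefaults.AuthenticationScheme);
        if (!auth.Succeeded) return null;

        // SaveTokens = true puts access_token, refresh_token and expires_at into the ticket.
        var accessToken = auth.Properties.GetTokenValue("access_token");
        var refreshToken = auth.Properties.GetTokenValue("refresh_token");
        var expiresAt = DateTimeOffset.TryParse(auth.Properties.GetTokenValue("expires_at"),
                CultureInfo.InvariantCulture, DateTimeStyles.RoundtripKind, out var parsed)
            ? parsed : DateTimeOffset.MinValue;   // unparsable => treat as expired

        if (!string.IsNullOrEmpty(accessToken) && expiresAt - Skew > DateTimeOffset.UtcNow)
            return accessToken;

        if (string.IsNullOrEmpty(refreshToken))
        {
            // No refresh token: offline_access not requested, or AllowOfflineAccess is false.
            _logger.LogWarning("Access token expired and no refresh token is stored");
            return null;
        }

        var disco = await _http.GetDiscoveryDocumentAsync(_settings.Authority);
        if (disco.IsError) { _logger.LogError("Discovery failed: {Error}", disco.Error); return null; }

        // refresh_token grant; the confidential client authenticates with its secret.
        var response = await _http.RequestRefreshTokenAsync(new RefreshTokenRequest
        {
            Address = disco.TokenEndpoint,
            ClientId = _settings.ClientId,
            ClientSecret = _settings.ClientSecret,
            RefreshToken = refreshToken
        });
        if (response.IsError)
        {
            // invalid_grant: refresh token expired, revoked or already consumed. Drop the local
            // session so the next [Authorize] request starts a fresh login instead of looping.
            _logger.LogWarning("Token refresh failed: {Error}", response.Error);
            await httpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
            return null;
        }

        // IdentityServer's default RefreshTokenUsage is OneTimeOnly: the rotated refresh_token
        // must replace the old one or the next refresh fails.
        auth.Properties.UpdateTokenValue("access_token", response.AccessToken);
        if (!string.IsNullOrEmpty(response.RefreshToken))
            auth.Properties.UpdateTokenValue("refresh_token", response.RefreshToken);
        auth.Properties.UpdateTokenValue("expires_at",
            DateTimeOffset.UtcNow.AddSeconds(response.ExpiresIn).ToString("o", CultureInfo.InvariantCulture));

        // Re-issue the cookie with the same principal and the updated tokens.
        await httpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
            auth.Principal, auth.Properties);
        return response.AccessToken;
    }
}
```

Call GetValidAccessTokenAsync(HttpContext) instead of GetTokenAsync("access_token") right before each API call, and challenge when it returns null. Two caveats a practitioner should keep in mind: with one-time-use refresh tokens, two concurrent requests from the same browser that both find the token expired will race, and the second refresh fails with invalid_grant, so either serialize the refresh per user (for example a SemaphoreSlim keyed by the subject claim) or keep the refresh token usage set to ReUse on the IdentityServer client; and because SaveTokens = true places the refresh token in the cookie, the cookie is now a long-lived credential and should stay HttpOnly, Secure and data-protected (the defaults). The IdentityModel.AspNetCore package (services.AddAccessTokenManagement()) and its Duende successor, Duende.AccessTokenManagement, implement this same expiry check, refresh and cookie update for you, so in a real project prefer one of those over hand-written code.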