
I am developing an authentication service for a web-based Java application using the Azure AD OpenID Connect framework. I am referring to adal4j-1.2.0.jar for the authentication behaviour. I receive the JWT claims and am able to validate them.

However, when the session times out after 60 minutes and I try to get new token claims using the refresh token, the new tokens are not signed JWTs. They are plain JWTs.

I am using the call below to acquire a token with the initial refresh token that I am caching:

acquireTokenByRefreshToken(refreshToken, credential, null, null);

To validate the token, I use code like the following:

IDTokenValidator validator = new IDTokenValidator(issuer, clientID, jwsAlg, jwkSetURL);
validator.validate(idToken, expectedNonce); // this line throws BadJWTException: signed ID token expected

Can anyone help me understand how to redeem the refresh token to get a new signed token? Or, after redeeming the token, are the new tokens always plain JWTs?

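The question turns on the difference between a plain JWT (no signature) and a signed JWT (a JWS), which is the distinction IDTokenValidator makes before it checks anything else. The following is an added example, not code from the question or from adal4j/Nimbus: it classifies a token from its compact serialization alone and fails closed on anything that is not a JWS, so a refresh response that contains an unsigned id_token is rejected with a clear reason instead of an opaque exception. The sample tokens, issuer, audience and key id are constructed placeholders.

```python
import base64
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _segment(obj: dict) -> str:
    return _b64url(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def _decode_segment(seg: str) -> dict:
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))


# Constructed claims; placeholder tenant and client ids, not real values.
CLAIMS = {"iss": "https://sts.windows.net/TENANT_ID_PLACEHOLDER/",
          "aud": "CLIENT_ID_PLACEHOLDER", "nonce": "n-0S6_WzA2Mj"}

# What the question describes after a refresh: alg "none" and an empty signature segment.
PLAIN_JWT = _segment({"alg": "none", "typ": "JWT"}) + "." + _segment(CLAIMS) + "."

# What the validator expects: a JWS with a key id and a signature segment
# (the signature bytes here are constructed filler, not a real RS256 signature).
SIGNED_JWT = (_segment({"alg": "RS256", "typ": "JWT", "kid": "KID_PLACEHOLDER"})
              + "." + _segment(CLAIMS) + "." + _b64url(b"\x01" * 256))


def classify_jwt(token: str) -> str:
    """Return 'signed', 'plain', 'encrypted' or 'malformed' without trusting any claim."""
    parts = token.split(".")
    if len(parts) == 5:
        return "encrypted"          # JWE compact serialization has five segments
    if len(parts) != 3:
        return "malformed"
    try:
        header = _decode_segment(parts[0])
    except ValueError:              # bad base64url or bad JSON
        return "malformed"
    alg = header.get("alg")
    if alg is None or alg == "none" or parts[2] == "":
        return "plain"              # nothing to verify: no signature exists
    return "signed"


def require_signed(token: str) -> dict:
    """Fail closed: only a JWS may be handed to the real validator. Returns the header for logging."""
    kind = classify_jwt(token)
    if kind != "signed":
        raise ValueError("signed ID token expected, got %s JWT" % kind)
    return _decode_segment(token.split(".")[0])
```

This is a pre-check for diagnostics only; the JWS must still be verified against the issuer's JWK set (and its issuer, audience, nonce and expiry checked) by the validator, since a well-formed signature segment proves nothing by itself.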

2 Answers


I believe you are using the implicit grant flow to get tokens. You are getting the tokens from the authorize endpoint. In this flow, you will not get a refresh token. You need to get new tokens after the session expires, or create a hidden frame that acquires tokens before the session expires.

Answered 2017-09-29T07:28:11.650

You can refer to the official documentation to get an access token and refresh token through the code grant flow.

Actually, the methods in adal4j are implemented on top of the HTTP REST API, so you can refer to the code below to request the AuthorizationCode:

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;

// Values from the app registration; placeholders here, declared in the enclosing class.
static String clientId = "<client-id>";
static String tenantId = "<tenant-id>";
static String responseType = "code"; // assumed: request an authorization code

// Posts the authorize-request parameters to the v1 authorize endpoint and prints the response.
public static void getAuthorizationCode() throws IOException {

        String encoding = "UTF-8";
        String params = "client_id=" + clientId
                + "&response_type=" + responseType
                + "&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F"
                + "&response_mode=query"
                + "&resource=https%3A%2F%2Fgraph.windows.net"
                + "&state=12345";
        String path = "https://login.microsoftonline.com/" + tenantId + "/oauth2/authorize";
        byte[] data = params.getBytes(encoding);
        URL url = new URL(path);
        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
        conn.setRequestMethod("POST");
        conn.setDoOutput(true);
        conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        conn.setRequestProperty("Content-Length", String.valueOf(data.length));
        conn.setConnectTimeout(5 * 1000);
        OutputStream outStream = conn.getOutputStream();
        outStream.write(data);
        outStream.flush();
        outStream.close();
        System.out.println(conn.getResponseCode());
        System.out.println(conn.getResponseMessage());

        // Read the error body on a non-200 status, otherwise the normal response body.
        BufferedReader br = null;
        if (conn.getResponseCode() != 200) {
            br = new BufferedReader(new InputStreamReader((conn.getErrorStream())));
        } else {
            br = new BufferedReader(new InputStreamReader((conn.getInputStream())));
        }
        System.out.println("Response body : " + br.readLine());
        br.close();
    }

Then you can get the access token using the AuthorizationCode you obtained, and use the code below to refresh the token:

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;

// Values from the app registration; placeholders here, declared in the enclosing class.
static String clientId = "<client-id>";
static String tenantId = "<tenant-id>";

// Redeems a refresh token at the v1 token endpoint (grant_type=refresh_token) and prints the response.
public static void getToken(String refreshToken) throws IOException {

        String encoding = "UTF-8";
        String params = "client_id=" + clientId + "&refresh_token=" + refreshToken
                + "&grant_type=refresh_token&resource=https%3A%2F%2Fgraph.windows.net";
        String path = "https://login.microsoftonline.com/" + tenantId + "/oauth2/token";
        byte[] data = params.getBytes(encoding);
        URL url = new URL(path);
        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
        conn.setRequestMethod("POST");
        conn.setDoOutput(true);
        conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        conn.setRequestProperty("Content-Length", String.valueOf(data.length));
        conn.setConnectTimeout(5 * 1000);
        OutputStream outStream = conn.getOutputStream();
        outStream.write(data);
        outStream.flush();
        outStream.close();
        System.out.println(conn.getResponseCode());
        System.out.println(conn.getResponseMessage());

        // Read the error body on a non-200 status, otherwise the normal response body.
        BufferedReader br = null;
        if (conn.getResponseCode() != 200) {
            br = new BufferedReader(new InputStreamReader((conn.getErrorStream())));
        } else {
            br = new BufferedReader(new InputStreamReader((conn.getInputStream())));
        }
        System.out.println("Response body : " + br.readLine());
        br.close();
    }

Hope it helps you.

Answered 2017-10-04T08:38:04.323