我正在尝试使用实现 IdentityServer4 的 ASP.NET Core Web API 对我的 UWP 应用程序进行身份验证。(geant_type为Password) 所以在app上,我添加了nuget IdentityModel 4.3.1,并编写了如下代码来获取token和刷新token。请注意我在这里使用了System.Net.Http.HttpClient。
var policy = new DiscoveryPolicy();
policy.ValidateIssuerName = false;
var client = new HttpClient();
DiscoveryDocumentResponse disco = await client.GetDiscoveryDocumentAsync(new DiscoveryDocumentRequest
{
Address = "https://maduranga-atrad.boardpac.local:8443/Auth.API",
ClientSecret = "LTY0OTU1NzY3OTM0OTQ1NjE3NA",
Policy = policy
});
TokenResponse token = await client.RequestPasswordTokenAsync(new PasswordTokenRequest()
{
UserName = "User786",
Password = "Password@123",
ClientId = "boardpac.main.uwp",
ClientSecret = "LTY0OTU1NzY3OTM0OTQ1NjE3NA",
GrantType = "password",
Scope = "openid email offline_access main auth",
Address = disco.TokenEndpoint,
AuthorizationHeaderStyle = BasicAuthenticationHeaderStyle.Rfc6749
});
TokenResponse refresh = await client.RequestRefreshTokenAsync(new RefreshTokenRequest()
{
Address = disco.TokenEndpoint,
RefreshToken = token.RefreshToken,
ClientId = "boardpac.main.uwp",
AuthorizationHeaderStyle = BasicAuthenticationHeaderStyle.Rfc6749,
});
我的问题是
何时发送刷新令牌请求?我是否必须手动处理令牌过期?(我需要等到 HttpClient 返回 HTTP 错误 401,然后启动令牌请求。但是所有后续请求会发生什么?我必须将所有请求排队,然后重试等等。似乎很多工作。)
我看到了一个示例,其中RefreshTokenHandler设置为 HttpClient (System.Net.Http.HttpClient),它说刷新部分是自动处理的。我使用 Windows.Web.Http HttpClient,但无法使用 RefreshTokenHandler。如何使用 Windows.Web.Http HttpClient 自动处理刷新令牌?
谢谢您的考虑。