I have a multi-tenancy Web API project integrated with Microsoft Azure. I connect to Microsoft, obtain an access token and a refresh token, and each time before the access token expires I call the API
POST https://login.microsoftonline.com/tenant/oauth2/v2.0/token
The data in the request is:
grant_type=refresh_token
refresh_token=xxxxxxxxxxx
client_id=xxxxxxxxxx
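I get a new access token and refresh token, and an hour later I get a new access token using the same API and the refresh token I last received. But after 24 hours my refresh token somehow expires, and I need to reconnect and enter my credentials again. How can I make my refresh token not expire until I revoke it manually? I need to somehow renew the refresh token timeout in the background and keep my integration always connected until I revoke it manually.
I need to organize it somehow so that it always stays connected until it is manually revoked. Is there any solution?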
Best answer
In some cases refresh tokens have a 24-hour limit:
Refresh tokens sent to a redirect URI registered as spa expire after 24 hours. Additional refresh tokens acquired using the initial refresh token carry over that expiration time, so apps must be prepared to rerun the authorization code flow using an interactive authentication to get a new refresh token every 24 hours. Users don't have to enter their credentials and usually don't even see any related user experience, just a reload of your application. The browser must visit the log-in page in a top-level frame to show the login session. This is due to privacy features in browsers that block third party cookies.
See: https://learn.microsoft.com/en-us/azure/active-directory/develop/refresh-tokens
Regarding Azure AD refresh token expiry, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/74996886/
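The refresh call from the question and the carried-over 24-hour limit from the answer, as an added example that is not part of the original question or answer. The `store` dict, the injected `post` callable, `FakeSpaEndpoint`, `run_hourly` and the `tenant` / `client-id` values are hypothetical, and the fake endpoint is a constructed model of the quoted rule so the code runs offline.

```python
import json
import urllib.parse

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"

class ReauthRequired(Exception):  # refresh token rejected: rerun the auth code flow
    pass

def refresh(store, tenant, client_id, post):
    """Redeem store["refresh_token"]; post(url, body) returns (status, json_text)."""
    body = urllib.parse.urlencode({"grant_type": "refresh_token",
                                   "refresh_token": store["refresh_token"],
                                   "client_id": client_id})
    status, text = post(TOKEN_URL.format(tenant=tenant), body)
    data = json.loads(text)
    if status == 200:
        store["access_token"] = data["access_token"]
        # Persist the replacement refresh token; keep the old one if none is sent.
        store["refresh_token"] = data.get("refresh_token", store["refresh_token"])
        return data["expires_in"]
    if data.get("error") == "invalid_grant":  # RFC 6749: grant expired or revoked
        store["refresh_token"] = None         # do not keep retrying a dead token
        raise ReauthRequired(data.get("error_description", "invalid_grant"))
    raise RuntimeError(f"token endpoint returned {status}: {data.get('error')}")

class FakeSpaEndpoint:
    """Constructed stand-in for the token endpoint (hypothetical). It models the
    quoted rule: each new refresh token inherits the first token's 24 h expiry."""
    def __init__(self, first_token, lifetime=24 * 3600):
        self.now, self.count = 0, 0
        self.expiry = {first_token: lifetime}
    def post(self, url, body):
        token = urllib.parse.parse_qs(body)["refresh_token"][0]
        deadline = self.expiry.get(token)
        if deadline is None or self.now >= deadline:
            return 400, json.dumps({"error": "invalid_grant"})
        self.count += 1
        self.expiry[f"rt-{self.count}"] = deadline  # carried over, not extended
        return 200, json.dumps({"access_token": f"at-{self.count}",
                                "refresh_token": f"rt-{self.count}", "expires_in": 3600})

def run_hourly(hours):
    """Refresh once an hour; return the hour at which re-auth is demanded."""
    endpoint, store = FakeSpaEndpoint("rt-0"), {"refresh_token": "rt-0"}
    for hour in range(hours):
        endpoint.now = hour * 3600
        try:
            refresh(store, "tenant", "client-id", endpoint.post)
        except ReauthRequired:
            return hour
    return None
```

Against the model, hourly refreshes succeed for hours 0 to 23 and the refresh at hour 24 raises `ReauthRequired`, which is the point where the application has to send the user through the authorization code flow again.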