如何从 Jquery Ajax 调用 Web Api 2 Refresh Token

Question

我正在使用带有个人用户帐户身份验证的 MVC 5 Web Api 2。我已将访问令牌的有效期设置为 10 秒。

TokenEndpointPath = new PathString("/Token"),
Provider = new ApplicationOAuthProvider(PublicClientId),
AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
AccessTokenExpireTimeSpan = TimeSpan.FromSeconds(10),
// In production mode set AllowInsecureHttp = false
AllowInsecureHttp = true,
RefreshTokenProvider = new SimpleRefreshTokenProvider()

我想调用 jquery ajax 来获取刷新令牌“/Token, 访问令牌过期后

$.ajax({
    url: '/token',
    method: 'POST',
    contentType:'application/json',
    data: {
        username: $('#txtUserName').val(),
        password: $('#txtPassword').val(),
        grant_type:'password'
    },
    success: function (response) {
        sessionStorage.setItem('accessToken', response.access_token);
        window.location.href = 'Data.html';
    }
}):

Answer 1

登录请求成功后需要保存返回的refresh_token和access_token：

success: function (response) {
  sessionStorage.setItem('accessToken', response.access_token);
  sessionStorage.setItem('refreshToken', response.refresh_token);
  window.location.href = 'Data.html';
}

然后您可以使用它调用/token 与grant_type 的refresh_token。像这样的：

$.ajax({
  url: '/token',
  method: 'POST',
  contentType:'application/json',
  data: {
    refresh_token: sessionStorage.getItem('refreshToken'),
    grant_type: 'refresh_token'
  },
  success: function (response) {
    sessionStorage.setItem('accessToken', response.access_token);
    sessionStorage.setItem('refreshToken', response.refresh_token);
    window.location.href = 'Data.html';
  }
}):

将刷新令牌存储在比会话寿命更长的东西中可能更有意义，例如 localStorage 或 cookie。