Could AAA support refresh token #41

Open
leeaee opened this issue Aug 29, 2019 · 1 comment
leeaee commented Aug 29, 2019

Act-aaa now returns a token, and when a request is made to an act service, the service will respond with a new token in the response header.
Could act-aaa support returning an access_token and a refresh_token after login? Then the client could get a new token by expiry time instead of updating the header access token every time.

The response for access_token and refresh_token could look like this:

```json
{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoxLCJ1c2VyX25hbWUiOiJ1c2VyIiwic2NvcGUiOlsicmVhZCIsIndyaXRlIl0sImV4cCI6MTU2NzA4MDAzMCwiYXV0aG9yaXRpZXMiOlsiUk9MRV9VU0VSIl0sImp0aSI6ImE3NjBmZWJmLTZkNGEtNGRjMy04NTk4LTQwOTA2YmZkZTI1YyIsImNsaWVudF9pZCI6ImNsaWVudElkIn0.JfB2bx28nlIyCYT0rGgcFn61krFwZdEon6h5rLqqEqu9nHrfxSGVw_TneYxSj25yPM5IunHe5cv3gQPHpvEMW_d9M_yjNSlLtSvmdWz26Yc44AyQAW-hIR-SdXKS76xKNvCxtmE1yqJOupar7-nr0M1zkDFfeu7bM7svlpPWYJZj0nR6z0glG5N8PZR8uj-ci6iODazBcIc597mgHenx_qx1_x72FXCcJZh9DsXHz6jIi4B9AHJIlxN0fj12CNZGgUjNQAS_M4IC-Cu70Wq5s8CmD43y0zbqb3GZP63dYxdBSE3vhsvqI6NeSKjjOXIwm5jPmh4WkChQeDgIu7HcxA",
  "token_type": "bearer",
  "refresh_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoxLCJ1c2VyX25hbWUiOiJ1c2VyIiwic2NvcGUiOlsicmVhZCIsIndyaXRlIl0sImF0aSI6ImE3NjBmZWJmLTZkNGEtNGRjMy04NTk4LTQwOTA2YmZkZTI1YyIsImV4cCI6MTU2NzA4MTIzMCwiYXV0aG9yaXRpZXMiOlsiUk9MRV9VU0VSIl0sImp0aSI6ImU2NDllOGEyLWFiY2YtNDFkYy1iNjRkLTIwNGMyZWIwNjYxYSIsImNsaWVudF9pZCI6ImNsaWVudElkIn0.l8E39nLcGdXAjlmVbaLEXXUaQTSP70DIR4nREjfdoTe6ZWo-UdXvjKzjbaS7fF_VweKZ7U1bxog1iNJFAiqtfaRDjSdZZY0USZXIg8wCBhyPOH8URkYi2WIKzAjlCRATNFQaeLR5NAvlmEYkZx8Gj-T5Q2E1DhO14nGKokiaW5R158Oi1fbUc0eQUs8YomBxFEXG8SEJ6jTF3tJklfkKMv5dp60E_Ere6FCXeuFb3_2D5LNdBT3l7cUPrmrC62vvg2wdz0SQtUOi-z5HaKoR-0eik3Ety0Xmd73J1pUs-SCxyxn_WZSiBJj5ZArHqZsEheU-c-X3f4IQlbZZtRJdRg",
  "expires_in": 599,
  "scope": "read write",
  "user_id": 1,
  "jti": "a760febf-6d4a-4dc3-8598-40906bfde25c"
}
```

greenlaw110 (Contributor) commented

@leeaee

Session token expiration is always the same as session cookie expiration, which is specified by session.ttl configuration.

You can also let actframework export a header specifying the session expiration time by

```
session.outputExpiration=true
```

In which case you have a new header Act-Session-Expires (which can be changed via header.session.expiration) indicating the expiration time of the token:

[image]

You don't need a specific refresh_token endpoint; simply replace your token with the latest response to any request before the expiration time.
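
The client-side handling described in the reply above, as an added example that is not part of the original thread or of actframework's own code: a store that takes the token from every response, refuses to let a late, older response overwrite a newer token, and reports when the session needs a request to slide it forward. Assumptions: `TOKEN_HEADER` is a hypothetical placeholder for the configured token header, `Act-Session-Expires` is taken to carry a Unix timestamp in seconds, and the header values in `demo()` are constructed.

```javascript
// Assumption: placeholder name, replace with the token header your service is configured to use.
const TOKEN_HEADER = 'x-session-token';
// Header name from the thread (configurable via header.session.expiration).
// Assumption: its value is a Unix timestamp in seconds.
const EXPIRES_HEADER = 'act-session-expires';

class SessionTokenStore {
  constructor(renewMarginSec = 60) {
    this.token = null;
    this.expiresAt = 0; // epoch seconds
    this.renewMarginSec = renewMarginSec;
  }

  // Call with the headers of every response (lower-cased keys).
  // Returns true when the stored token was replaced.
  update(headers) {
    const token = headers[TOKEN_HEADER];
    const expires = Number(headers[EXPIRES_HEADER]);
    if (!token || !Number.isFinite(expires)) return false; // incomplete response
    // Concurrent requests can finish out of order: keep the token that lives longest.
    if (expires < this.expiresAt) return false;
    this.token = token;
    this.expiresAt = expires;
    return true;
  }

  // 'valid', 'renew' (send any request now to slide the session) or 'expired' (log in again).
  state(nowSec) {
    if (!this.token || nowSec >= this.expiresAt) return 'expired';
    return nowSec >= this.expiresAt - this.renewMarginSec ? 'renew' : 'valid';
  }

  // Headers for the next request, or null when only a fresh login will do.
  requestHeaders(nowSec) {
    return this.state(nowSec) === 'expired' ? null : { [TOKEN_HEADER]: this.token };
  }
}

// Constructed sample: two responses arriving out of order.
function demo() {
  const store = new SessionTokenStore(60);
  store.update({ [TOKEN_HEADER]: 'tok-2', [EXPIRES_HEADER]: '1700001800' });
  store.update({ [TOKEN_HEADER]: 'tok-1', [EXPIRES_HEADER]: '1700001700' }); // late, older
  return [store.token, store.state(1700001000), store.state(1700001750), store.state(1700001800)];
}
```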
