Refresh token mechanism in Blazor Server #7955 | Support

neethucp created one month ago

Hi,

We are getting unauthorized message in the application when the token expires. Can you please help on how to implement refresh token mechanism so that the user is not redirected to login page before saving the changes.

ABP Framework version: v8.2.3
UI Type: Blazor Server
Database System: EF Core (SQL Server) /
Tiered (for MVC) or Auth Server Separated (for Angular): yes

4 Answer(s)

0

liangshiwei created one month ago
Support Team Fullstack Developer

Hi,

After check , no meaning to implement it, because you have to refresh current page to use the refresh token to get new access token.
0

neethucp created one month ago

Hi,

We have this issue raised by the customer that they are getting "Unauthorized" message while they are in the middle of updating some forms and they are forced to reload the page without saving the updates they made. That is the reason that we are looking for a refresh token mechanism so that they don't get the unauthorized messages while they are actively using the application.
0

liangshiwei created one month ago
Support Team Fullstack Developer

Hi

Sorry, there is no ASPNETCore official support at this time https://github.com/dotnet/aspnetcore/issues/55213

I'll try to find a temporary solution and let you know.

liangshiwei created one month ago

Support Team Fullstack Developer

Hi,

You can try this

[Dependency(ReplaceServices = true)]
[ExposeServices(typeof(IAbpAccessTokenProvider))]
public class MyAccessTokenProvider : HttpContextAbpAccessTokenProvider
{
    private readonly IHttpClientFactory _httpClientFactory;
    private readonly IConfiguration _configuration;
    
    public MyAccessTokenProvider(IHttpContextAccessor httpContextAccessor, IHttpClientFactory httpClientFactory, IConfiguration configuration) : base(httpContextAccessor)
    {
        _httpClientFactory = httpClientFactory;
        _configuration = configuration;
    }

    public override async Task<string?> GetTokenAsync()
    {
        var authenticationInfo = await HttpContextAccessor.HttpContext.AuthenticateAsync();
        
        var refreshToken = authenticationInfo.Properties?.GetTokenValue("refresh_token");
        var tokenString = authenticationInfo.Properties?.GetTokenValue("access_token");
        
        if (tokenString.IsNullOrWhiteSpace() || refreshToken.IsNullOrWhiteSpace())
        {
            return tokenString;
        }

        var token = new JwtSecurityTokenHandler().ReadJwtToken(tokenString);
        
        // check token expiration and refresh token if needed
        if (token.ValidTo < DateTime.UtcNow.AddMinutes(5))
        {
            var client = _httpClientFactory.CreateClient();
            
            var response = await client.RequestRefreshTokenAsync(new RefreshTokenRequest
            {
                ClientId = _configuration["AuthServer:ClientId"]!,
                ClientSecret = _configuration["AuthServer:ClientSecret"]!,
                RefreshToken = refreshToken,
                Address = _configuration["AuthServer:Authority"]!.EnsureEndsWith('/') + "connect/token"
            });
                       
            
            authenticationInfo.Properties.UpdateTokenValue(
                "access_token", response.AccessToken);
            authenticationInfo.Properties.UpdateTokenValue(
                "refresh_token", response.RefreshToken);

            return response.AccessToken;
        }
        
        return tokenString;
        
    }
}

Have an answer to this question? Log in and write your answer.