Unauthorized between Microsservices call #5787 | Support

douglasmolon@gmail.com created one year ago

ABP Framework version: v7.2.2
UI Type: Angular
Database System: EF Core (SQL Server)
Tiered (for MVC) or Auth Server Separated (for Angular): yes
Exception message and full stack trace: Below
Steps to reproduce the issue:Below

Hello again! We've set the token generation in the AuthServer as follows in PreConfigureServices:

PreConfigure<OpenIddictServerBuilder>(builder =>
{
    builder.AddSigningCertificate(GetSigningCertificate(hostingEnvironment, configuration));
    builder.AddEncryptionCertificate(GetSigningCertificate(hostingEnvironment, configuration));
    builder.SetIssuer(new Uri(configuration["AuthServer:Authority"]));
    builder.SetAccessTokenLifetime(TimeSpan.FromMinutes(5));
    builder.SetIdentityTokenLifetime(TimeSpan.FromMinutes(5));
    builder.SetRefreshTokenLifetime(TimeSpan.FromMinutes(30));
});

And the TokenCleanup as follows in ConfigureServices:

Configure<TokenCleanupOptions>(options =>
{
    options.CleanupPeriod = 1000 * 60 * 30; // Default: 3,600,000 ms, 1 hour
    options.MinimumAuthorizationLifespan = TimeSpan.FromMinutes(30);
    options.MinimumTokenLifespan = TimeSpan.FromMinutes(30);
});

However, for some reason, the communication between microservices is returning "Unauthorized" after 10 minutes. We are unsure if the microservices request a new token with every HTTP request or if they continue using the same token until it expires and then obtain a new using refresh token. I'm afraid we might have done something wrong. Could you please enlighten us?

4 Answer(s)

0

douglasmolon@gmail.com created one year ago

Hello! Anyone, please?
0

maliming created one year ago
Support Team Fullstack Developer

hi

We are unsure if the microservices request a new token with every HTTP request or if they continue using the same token until it expires and then obtain a new using refresh token.

It will request a token, cache it, and then continue to use it. refresh_token is not currently not supported.
0

douglasmolon@gmail.com created one year ago

hi

We are unsure if the microservices request a new token with every HTTP request or if they continue using the same token until it expires and then obtain a new using refresh token.

It will request a token, cache it, and then continue to use it. refresh_token is not currently not supported.

So, when does he know he needs a new one? Apparently it's not getting it when the first expires. If we keep the default expiration (1 hour) the problem won't occur.
0
liangshiwei created one year ago
Support Team Fullstack Developer
Hi,

Refresh_token is not currently not supported.

You can configure the CacheAbsoluteExpiration to 9mins: https://github.com/abpframework/abp/blob/dev/framework/src/Volo.Abp.IdentityModel/Volo/Abp/IdentityModel/IdentityClientConfiguration.cs#L82

It will get a new access_token in 9 minutes.

For example:

"IdentityClients": { "Default": { "GrantType": "client_credentials", "ClientId": "BookStore_OrderService", "ClientSecret": "1q2w3e*", "Authority": "https://localhost:44322", "Scope": "ProductService", "CacheAbsoluteExpiration": 540 } }

Have an answer to this question? Log in and write your answer.