Activities of "heshengli"

That does not work: using CheckTokenExpiration lets users access internal addresses directly without logging in, whereas IntrospectAccessToken does not.

OpenIddict: multiple applications, multiple app URLs, single sign-on, appurl /signin-oidc

[OpenIddict.Server.OpenIddictServerDispatcher] The introspection request was rejected because the access token was issued to a different client or for another resource server.
The whole site uses http, with single sign-on and shared cookies.

[OpenIddict.Server.OpenIddictServerDispatcher] The introspection request was rejected because the access token was issued to a different client or for another resource server.

[2026-01-07 16:51:58.183 +00:00] [INF] [OpenIddict.Server.OpenIddictServerDispatcher] Potentially sensitive application claims were excluded from the introspection response as the client 'EAP' was not explicitly listed as an audience.

[2026-01-07 16:51:58.183 +00:00] [INF] [OpenIddict.Server.OpenIddictServerDispatcher] The response was successfully returned as a JSON document: { "active": true, "iss": "http://10.166.0.106:44390/", "sub": "4d75bb07-b3de-0147-7a5c-3a1d3c88d0e8", "jti": "b66835b5-f0ab-45bd-afec-7d85e4b91e81", "token_type": "Bearer", "token_usage": "access_token", "client_id": "EAP", "iat": 1767804690, "nbf": 1767804690, "exp": 1767808290, "aud": "ControlCenter" }.
[2026-01-07 16:51:58.184 +00:00] [INF] [Microsoft.AspNetCore.Hosting.Diagnostics] Request finished HTTP/1.1 POST http://10.166.0.106:44390/connect/introspect - 200 327 application/json;charset=UTF-8 18.7682ms
[2026-01-07 16:51:59.429 +00:00] [INF] [Microsoft.AspNetCore.Hosting.Diagnostics] Request starting HTTP/1.1 POST http://10.166.0.106:44390/register-health-check - application/json; charset=utf-8 null
[2026-01-07 16:51:59.430 +00:00] [INF] [Microsoft.AspNetCore.Hosting.Diagnostics] Request finished HTTP/1.1 POST http://10.166.0.106:44390/register-health-check - 200 0 null 0.7973ms
[2026-01-07 16:52:00.706 +00:00] [INF] [Microsoft.AspNetCore.Hosting.Diagnostics] Request starting HTTP/1.1 POST http://10.166.0.106:44390/register-health-check - application/json; charset=utf-8 null
[2026-01-07 16:52:00.707 +00:00] [INF] [Microsoft.AspNetCore.Hosting.Diagnostics] Request finished HTTP/1.1 POST http://10.166.0.106:44390/register-health-check - 200 0 null 1.1336ms
[2026-01-07 16:52:02.388 +00:00] [INF] [Microsoft.AspNetCore.Hosting.Diagnostics] Request starting HTTP/1.1 POST http://10.166.0.106:44390/register-health-check - application/json; charset=utf-8 null
[2026-01-07 16:52:02.389 +00:00] [INF] [Microsoft.AspNetCore.Hosting.Diagnostics] Request finished HTTP/1.1 POST http://10.166.0.106:44390/register-health-check - 200 0 null 0.9464ms
[2026-01-07 16:52:02.443 +00:00] [INF] [Microsoft.AspNetCore.Hosting.Diagnostics] Request starting HTTP/1.1 POST http://10.166.0.106:44390/connect/introspect - application/x-www-form-urlencoded 1339
[2026-01-07 16:52:02.444 +00:00] [INF] [OpenIddict.Server.OpenIddictServerDispatcher] The request URI matched a server endpoint: "Introspection".
[2026-01-07 16:52:02.444 +00:00] [INF] [OpenIddict.Server.OpenIddictServerDispatcher] The introspection request was successfully extracted: { "token": "[redacted]", "client_id": "EMS", "client_secret": "[redacted]" }.
[2026-01-07 16:52:02.465 +00:00] [INF] [OpenIddict.Server.OpenIddictServerDispatcher] The response was successfully returned as a JSON document: { "active": false }.

Potentially sensitive application claims were excluded from the introspection response as the client 'EAP' was not explicitly listed as an audience.
[OpenIddict.Server.OpenIddictServerDispatcher] The response was successfully returned as a JSON document: { "active": false }.
The access_token is not active.
Under what circumstances should IntrospectAccessToken be used?

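1 In FeatureManagementModal, PermissionManagementModal, etc., no parameter is passed, right? In the MvcCurrentApplicationConfigurationCacheResetEventHandler implementation, CurrentUser is the current operator, right? await LocalEventBus.PublishAsync( new CurrentApplicationConfigurationCacheResetEventData() );

2 User => Test, single role with permissions [User Management, Role Management]: admin revokes the Role Management permission, and it takes effect for test after 5 minutes. User => admin, single role with permissions [User Management, Role Management]: admin revokes Role Management, and it takes effect immediately on refreshing the page.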

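3 2 User => Test, multiple roles: Role1 [User Management], Role2 Role Management. admin removes the Role2 role from Test; for test it takes effect on the backend after 5 minutes, the menu does not disappear, and access returns 403.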

  • Exception message and full stack trace:
  • Steps to reproduce the issue: The backend operator is always admin. MvcCachedApplicationConfigurationClientHelper.CreateCacheKey(CurrentUser); what gets deleted is always admin; other users cannot be deleted and can only wait for the 5-minute timeout.
Made with ❤️ on ABP v10.2.0-preview. Updated on January 09, 2026, 07:22