我无法理解 JWT 令牌的生命周期。
- IdentityTokenLifetime(身份令牌的生命周期,以秒为单位,默认为 300 秒/5 分钟)
= 120 / 60 = 2 分钟
IdentityTokenLifetime 的目的是什么?
- AccessTokenLifetime(访问令牌的生命周期,以秒为单位,默认为 3600 秒/1 小时)
= 120 / 60 = 2 分钟
- SlidingRefreshTokenLifetime(刷新令牌的滑动生命周期,以秒为单位。默认为 1296000 秒/15 天)
= 300 / 60 = 5 分钟
这些属性的摘要注释写得很费解,我还是搞不清楚 JWT 令牌究竟能存活多少分钟。
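/// <summary>
/// Builds the IdentityServer client registration from the <c>AuthConfiguration</c> configuration section.
/// </summary>
/// <param name="configuration">
/// Configuration source read for <c>AuthConfiguration:ClientName</c>, <c>AuthConfiguration:ClientId</c>,
/// <c>AuthConfiguration:ClientSecret</c> and <c>AuthConfiguration:ApiName</c>.
/// </param>
/// <returns>A list containing the single configured client.</returns>
/// <remarks>
/// Every lifetime below is expressed in seconds, so 120 means 2 minutes and 300 means 5 minutes.
/// The property, enum and constant names use the casing IdentityServer declares
/// (<c>AccessTokenLifetime</c>, <c>AllowOfflineAccess</c>, <c>TokenUsage.OneTimeOnly</c>, ...).
/// </remarks>
public static IEnumerable<Client> getclients(IConfiguration configuration) =>
    new List<Client>
    {
        new()
        {
            ClientName = configuration["AuthConfiguration:ClientName"],
            ClientId = configuration["AuthConfiguration:ClientId"],

            // Only the SHA-256 hash of the configured secret is placed on the client record.
            // NOTE(review): a missing AuthConfiguration:ClientSecret entry is not detected here - confirm
            // that startup validation rejects an absent or empty secret.
            ClientSecrets = { new Secret(configuration["AuthConfiguration:ClientSecret"].Sha256()) },

            // NOTE(review): the resource owner password grant hands user credentials to the client;
            // confirm it is still required before keeping it enabled alongside client credentials.
            AllowedGrantTypes = GrantTypes.ResourceOwnerPasswordAndClientCredentials,

            AccessTokenType = AccessTokenType.Jwt,

            // Enables the offline_access scope, i.e. refresh tokens are issued to this client.
            AllowOfflineAccess = true,

            // The JWT access token presented to the API is valid for 120 s (2 minutes).
            AccessTokenLifetime = 120,

            // Lifetime of the OpenID Connect identity token (id_token), which describes the user's
            // authentication to the client and is not used to call APIs: 120 s (2 minutes).
            // NOTE(review): presumably no id_token is issued for the grant types above - confirm.
            IdentityTokenLifetime = 120,

            UpdateAccessTokenClaimsOnRefresh = true,

            // NOTE(review): with TokenExpiration.Absolute the refresh token expires after
            // AbsoluteRefreshTokenLifetime, which is not set here (documented default 2592000 s / 30 days);
            // SlidingRefreshTokenLifetime only applies with TokenExpiration.Sliding. As written, the
            // 300 s value is likely not in effect and the refresh token outlives the 2-minute access
            // token by weeks. Confirm the intent and either set AbsoluteRefreshTokenLifetime
            // explicitly or switch to TokenExpiration.Sliding.
            SlidingRefreshTokenLifetime = 300,
            RefreshTokenExpiration = TokenExpiration.Absolute,

            // Each refresh token can be redeemed once; a new one is issued on every refresh.
            RefreshTokenUsage = TokenUsage.OneTimeOnly,

            AlwaysSendClientClaims = true,
            AllowedScopes =
            {
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Profile,
                IdentityServerConstants.StandardScopes.OfflineAccess,
                configuration["AuthConfiguration:ApiName"]
            }
        }
    };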