IdentityServer4 (4) 静默刷新(Implicit)

new Client{       ClientId="mvc client implicit", //客户端Id       ClientName="测试客户端 Implicit", //客户端名称 随便写       //Implicit 模式 因为token 是通过浏览器发送给客户端的，这里必须启用      AllowAccessTokensViaBrowser=true,       AllowedGrantTypes=GrantTypes.Implicit,//验证模式        RedirectUris = {           "http://localhost:5003/callback.html",            // AccessToken 有效期比较短，刷新 AccessToken 的页面           "http://localhost:5003/silentref.html",       },       //是否需要用户点击同意，这里需要设置为 false，不然客户端静默刷新不可用       RequireConsent=false,       AllowedCorsOrigins={ "http://localhost:5003" },       //注销重定向的url       PostLogoutRedirectUris = { "http://localhost:5003" },       AccessTokenLifetime=10,        //客户端访问权限       AllowedScopes =       {           "api1",           IdentityServerConstants.StandardScopes.OpenId,           IdentityServerConstants.StandardScopes.Email,           IdentityServerConstants.StandardScopes.Address,           IdentityServerConstants.StandardScopes.Phone,           IdentityServerConstants.StandardScopes.Profile       }   },

<style>    .box {        height: 200px;        overflow: auto;        border: 1px solid #ccc    }    .btn-box {        margin-top: 10px;    }        .btn-box button {            margin-right: 10px;        }</style><div class="row btn-box">    <button class="btn btn-primary" onclick="login()">登陆 Implicit</button>    <button class="btn btn-primary" onclick="getuser()">获取 User Implicit</button>    <button class="btn btn-primary" onclick="getapi()">测试 API Implicit</button>    <button class="btn btn-primary" onclick="removeUser()">清除 User Implicit</button>    <button class="btn btn-primary" onclick="iframeSignin()">刷新 User Implicit</button></div><hr /><div class="row">    <h3>User:</h3>    <div id="userinfo" class="col-md-12 box">    </div></div><div class="row">    <h3>API:</h3>    <div id="apiresult" class="col-md-12 box">    </div></div>@section Scripts{    <script src="~/lib/oidc/oidc-client.min.js"></script>    <script type="text/javascript">        Oidc.Log.logger = window.console;        Oidc.Log.level = Oidc.Log.DEBUG;        var log = function (msg) { console.log(msg); }        var testconfig = {            authority: "http://localhost:5002",            client_id: "mvc client implicit",            redirect_uri: "http://localhost:5003/callback.html",            response_type: "id_token token",            scope: "api1 openid email phone address profile",            clockSkew: 0,            //启用静默刷新token            silent_redirect_uri: "http://localhost:5003/silentref.html",            automaticSilentRenew: true,        };        var mgr = new Oidc.UserManager(testconfig);        mgr.events.addUserLoaded(function (user) {            console.log("user loaded", user);            mgr.getUser().then(function () {                console.log("getUser loaded user after userLoaded event fired");            });        });        mgr.events.addUserUnloaded(function () {            console.log("user unloaded");        });        mgr.events.addAccessTokenExpiring(function () {            log("Access token expiring..." + new Date());        });        mgr.events.addSilentRenewError(function (err) {            log("Silent renew error: " + err.message);        });        mgr.events.addUserSignedOut(function () {            log("User signed out of OP");            mgr.removeUser();        });        var login = function () {            mgr.signinRedirect();        };        var getuser = function () {            mgr.getUser().then(function (user) {                log("got user");                $('#userinfo').html(JSON.stringify(user));            }).catch(function (err) {                log(err);            });        };        var removeUser = function () {            mgr.removeUser().then(function () {                log("user removed");            }).catch(function (err) {                log(err);            });        }        var iframeSignin = function () {            mgr.signinSilent().then(function (user) {                log("signed in", user);            }).catch(function (err) {                log(err);            });        }        var getapi = function (token) {            mgr.getUser().then(function (user) {                log("get user success");                document.getElementById('userinfo').innerHTML = JSON.stringify(user);                var settings = {                    url: 'http://localhost:5001/api/suibian',                    beforeSend: function (xhr) {                        xhr.setRequestHeader('Authorization', 'Bearer ' + user.access_token)                        console.log("beforeSend", xhr)                    },                    success: function (res) {                        console.log("api result success:", res);                        $('#apiresult').html(JSON.stringify(res));                    }, error: function (res) {                        console.log("api result error:", res);                        $('#apiresult').html(res.responseText);                    }                }                $.ajax(settings);            }).catch(function (err) {                log(err);            });        };     </script>}

<!DOCTYPE html><html><head>    <meta charset="utf-8" />    <title>Oidc-Client</title>    <script src="lib/oidc/oidc-client.min.js"></script></head><body>    登陆中...</body></html><script>    new Oidc.UserManager().signinRedirectCallback().then(function (user) {        //console.log("signin response success");        //console.log(user)        //document.getElementById("message").innerText = JSON.stringify(user);        location.href = "/home";    }).catch(function (err) {        console.log(err);    });</script>

<!DOCTYPE html><html><head>    <meta charset="utf-8" />    <title>Oidc-Client</title></head><body>    <h1>Silent.html</h1></body></html><script src="lib/oidc/oidc-client.min.js"></script><script>    new Oidc.UserManager().signinSilentCallback()        .catch((err) => {            console.log("refresh", err);        });</script>

services.AddCors(options =>   {       options.AddPolicy("client1", policy =>       {           //客户端地址           policy.WithOrigins("http://localhost:5003");           policy.AllowAnyHeader();           policy.AllowAnyMethod();       });   });   JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();   services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)   .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>   {       // IdentityServer 地址       options.Authority = "http://localhost:5002";       //不需要https       options.RequireHttpsMetadata = false;       //这里要和 IdentityServer 定义的 api1 保持一致       options.Audience = "api1";       //token 默认容忍5分钟过期时间偏移，这里设置为0，       //这里就是为什么定义客户端设置了过期时间为5秒，过期后仍可以访问数据       options.TokenValidationParameters.ClockSkew = TimeSpan.Zero;       options.Events = new JwtBearerEvents       {           //AccessToken 验证失败           OnChallenge = op =>           {               //跳过所有默认操作               op.HandleResponse();               //下面是自定义返回消息               //op.Response.Headers.Add("token", "401");               op.Response.ContentType = "application/json";               op.Response.StatusCode = StatusCodes.Status401Unauthorized;               op.Response.WriteAsync(JsonConvert.SerializeObject(new               {                   status = StatusCodes.Status401Unauthorized,                   msg = "token无效",                   error = op.Error               }));               return Task.CompletedTask;           }       };   });

app.UseStaticFiles();   //这里注意 一定要在 UseMvc前面，顺序不可改变   app.UseAuthentication();   app.UseCors("client1");