Open Closed

Unauthorized between Microsservices call #5787

User avatar
0
douglasmolon@gmail.com created
  • ABP Framework version: v7.2.2
  • UI Type: Angular
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes
  • Exception message and full stack trace: Below
  • Steps to reproduce the issue:Below

Hello again! We've set the token generation in the AuthServer as follows in PreConfigureServices:

PreConfigure<OpenIddictServerBuilder>(builder =>
{
    builder.AddSigningCertificate(GetSigningCertificate(hostingEnvironment, configuration));
    builder.AddEncryptionCertificate(GetSigningCertificate(hostingEnvironment, configuration));
    builder.SetIssuer(new Uri(configuration["AuthServer:Authority"]));
    builder.SetAccessTokenLifetime(TimeSpan.FromMinutes(5));
    builder.SetIdentityTokenLifetime(TimeSpan.FromMinutes(5));
    builder.SetRefreshTokenLifetime(TimeSpan.FromMinutes(30));
});

And the TokenCleanup as follows in ConfigureServices:

Configure<TokenCleanupOptions>(options =>
{
    options.CleanupPeriod = 1000 * 60 * 30; // Default: 3,600,000 ms, 1 hour
    options.MinimumAuthorizationLifespan = TimeSpan.FromMinutes(30);
    options.MinimumTokenLifespan = TimeSpan.FromMinutes(30);
});

However, for some reason, the communication between microservices is returning "Unauthorized" after 10 minutes. We are unsure if the microservices request a new token with every HTTP request or if they continue using the same token until it expires and then obtain a new using refresh token. I'm afraid we might have done something wrong. Could you please enlighten us?

Go to accepted answer
4 Answer(s)
  • User Avatar
    0
    douglasmolon@gmail.com created

    Hello! Anyone, please?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    We are unsure if the microservices request a new token with every HTTP request or if they continue using the same token until it expires and then obtain a new using refresh token.

    It will request a token, cache it, and then continue to use it. refresh_token is not currently not supported.

  • User Avatar
    0
    douglasmolon@gmail.com created

    hi

    We are unsure if the microservices request a new token with every HTTP request or if they continue using the same token until it expires and then obtain a new using refresh token.

    It will request a token, cache it, and then continue to use it. refresh_token is not currently not supported.

    So, when does he know he needs a new one? Apparently it's not getting it when the first expires. If we keep the default expiration (1 hour) the problem won't occur.

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Refresh_token is not currently not supported.

    You can configure the CacheAbsoluteExpiration to 9mins: https://github.com/abpframework/abp/blob/dev/framework/src/Volo.Abp.IdentityModel/Volo/Abp/IdentityModel/IdentityClientConfiguration.cs#L82

    It will get a new access_token in 9 minutes.

    For example:

    "IdentityClients": {
    "Default": {
      "GrantType": "client_credentials", 
      "ClientId": "BookStore_OrderService",
      "ClientSecret": "1q2w3e*",
      "Authority": "https://localhost:44322", 
      "Scope": "ProductService",
      "CacheAbsoluteExpiration": 540
    }
  }
Assignee
User avatar maliming
Labels
Non yet
Made with ❤️ on ABP v8.2.0-preview Updated on March 25, 2024, 15:11