msal auzer 强制刷新获取令牌

背景:msal auzer token 过期时间微软默认事60至90分钟,普遍取中间值,现渗透测试部分(Qtester)要求30分token 过期。且不可使用msal的安全机制。

解决方案:'

后端 ,解析token 获取发证时间 iat或nbf计算token 过期时间

msal token 都是提前生产好的。为了解决高并发,所以这里获取的token 大概事5分钟前生成的。

**前端,**前置刷新token ,我在官网找了半天也没找到。还是在源码找到的

刷新token 的 api【 acquireTokenSilent】

源码:

1、点击acquireTokenSilent进入如图代码

再点击SilentRequest

javascript 复制代码
import { AccountInfo, CommonSilentFlowRequest, StringDict } from "@azure/msal-common";
import { CacheLookupPolicy } from "../utils/BrowserConstants";
/**
 * SilentRequest: Request object passed by user to retrieve tokens from the
 * cache, renew an expired token with a refresh token, or retrieve a code (first leg of authorization code grant flow)
 * in a hidden iframe.
 *
 * - scopes                 - Array of scopes the application is requesting access to.
 * - authority              - Url of the authority which the application acquires tokens from.
 * - correlationId          - Unique GUID set per request to trace a request end-to-end for telemetry purposes.
 * - account                - Account entity to lookup the credentials.
 * - forceRefresh           - Forces silent requests to make network calls if true.
 * - extraQueryParameters   - String to string map of custom query parameters added to the /authorize call. Only used when renewing the refresh token.
 * - tokenQueryParameters   - String to string map of custom query parameters added to the /token call. Only used when renewing access tokens.
 * - redirectUri            - The redirect URI where authentication responses can be received by your application. It must exactly match one of the redirect URIs registered in the Azure portal. Only used for cases where refresh token is expired.
 * - cacheLookupPolicy      - Enum of different ways the silent token can be retrieved.
 * - prompt                 - Indicates the type of user interaction that is required.
 *          none:  will ensure that the user isn't presented with any interactive prompt. if request can't be completed via single-sign on, the endpoint will return an interaction_required error
 *          no_session: will not read existing session token when authenticating the user. Upon user being successfully authenticated, EVO won't create a new session for the user. FOR INTERNAL USE ONLY.
 */
export declare type SilentRequest = Omit<CommonSilentFlowRequest, "authority" | "correlationId" | "forceRefresh" | "account" | "requestedClaimsHash"> & {
    redirectUri?: string;
    extraQueryParameters?: StringDict;
    authority?: string;
    account?: AccountInfo;
    correlationId?: string;
    forceRefresh?: boolean;
    cacheLookupPolicy?: CacheLookupPolicy;
    prompt?: string;
};
//# sourceMappingURL=SilentRequest.d.ts.map

实现代码

javascript 复制代码
export const onAcquireTokenSilent = async (dispatch,userInfo) => {
  // 通过用户名获取用户信息
  const account = msalInstance.getAccountByUsername(userInfo?.username);
  const accessTokenRequest = {
    scopes: [process.env.SCOPE],
    account: account,
    forceRefresh :true //  - forceRefresh - Forces silent requests to make network calls if true.
  };
  // 有了用户信息可以获取token
  const accessTokenResponse = await msalInstance.acquireTokenSilent(accessTokenRequest);
  if(accessTokenResponse && accessTokenResponse?.accessToken){

    const accessToken = accessTokenResponse.accessToken;
  return accessToken;
  }

};

这样就实现强制刷新。。

相关推荐
汤姆小白35 分钟前
01-环境搭建与项目导览
人工智能·python·机器学习·numpy
Lhappy嘻嘻5 小时前
Java IO|File 文件操作 + 字节流 / 字符流完整笔记 + 递归删除文件实战
java·笔记·php
To_OC5 小时前
手写 AI 编程 Agent 的命令执行工具:我被 child_process 坑出来的实战经验
后端·node.js·agent
胡萝卜术5 小时前
从API调用到手写LRU:力扣146「LRU缓存」的哈希表+双向链表终极进化之路
前端·javascript·面试
科技道人5 小时前
记录 默认置灰/禁用 app ‘Search Engine Selector‘ 的disable按钮
开发语言·前端·javascript
伊玛目的门徒5 小时前
试用leetcode之典中典 二数之和问题
java·算法·leetcode
天疆说5 小时前
Zotero Connector 在 Edge 里找不到桌面 Zotero(Linux / Zotero 9.0.6 / Edge 150)
linux·前端·edge
李伟_Li慢慢6 小时前
02-从硬件说起WebGL
前端·three.js
向日的葵0067 小时前
langchain的Tools教程(三)
python·langchain·tools
逝水无殇7 小时前
C# 异常处理详解
开发语言·后端·c#