I'm currently making a WPF app and am using Identity Server 4 for authentication stuff. Right now I have it all working so that the user gets a new token when the old one expires using the refresh token:
    // requires: using System.Net.Http; using IdentityModel.Client;
    // request new token
    using (var newAccessTokenClient = new HttpClient())
    {
        var newAccessTokenResponse = await newAccessTokenClient.RequestRefreshTokenAsync(new RefreshTokenRequest
        {
            Address = App.Current.Properties["IdentityServerAPIAddress"].ToString() + "connect/token",
            ClientId = "wpf",
            ClientSecret = "secret",
            GrantType = "refresh_token",
            Scope = "openid offline_access WebAPI",
            RefreshToken = ReadRefreshToken()
        });
        if (newAccessTokenResponse.IsError)
        {
            // Exception is null for protocol errors such as invalid_grant; Error is populated in every error case
            throw new Exception(newAccessTokenResponse.Error);
        }
        else
        {
            // refresh succeeded, write the new access token and the new refresh token
            WriteTokens(newAccessTokenResponse.AccessToken, newAccessTokenResponse.RefreshToken);
            App.Current.Properties["AccessToken"] = newAccessTokenResponse.AccessToken;
        }
    }
The problem is whenever it happens a second time, the Identity Server 4 API complains that the refresh token has been used already. How do I get a new refresh token?
I've seen this documentation about an interface I can implement but I don't know how to use it.
Any help is appreciated. Thanks.
When you request a new access-token using your refresh-token, you should get back a new refresh-token in the same response. Do check the request in Fiddler.
You can also control how IdentityServer deals with refresh-tokens using this client setting:
    RefreshTokenUsage = TokenUsage.OneTimeOnly,
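The client side of what the answer describes, as an added example that is not code from the question or the answer: with `OneTimeOnly`, every token response carries a replacement refresh token, so the client has to store it and send that one next time. Going slightly beyond the post, the example also serializes refresh calls so the same one-time token is never sent twice. `RotatingTokenRefresher`, `ITokenStore` and its members are hypothetical names; the client id and secret are the values from the question.

```csharp
using System;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;
using IdentityModel.Client;

// Hypothetical storage abstraction (assumption): wraps wherever the app keeps its tokens.
public interface ITokenStore
{
    string ReadRefreshToken();
    void WriteTokens(string accessToken, string refreshToken);
}

public sealed class RotatingTokenRefresher
{
    private static readonly HttpClient Http = new HttpClient();
    private readonly SemaphoreSlim _gate = new SemaphoreSlim(1, 1);
    private readonly ITokenStore _store;
    private readonly string _tokenEndpoint;

    public RotatingTokenRefresher(ITokenStore store, string tokenEndpoint)
    {
        _store = store;
        _tokenEndpoint = tokenEndpoint;
    }

    public async Task<string> RefreshAsync()
    {
        // One refresh at a time: with OneTimeOnly, a second request that
        // carries an already-used refresh token is rejected by the server.
        await _gate.WaitAsync();
        try
        {
            var response = await Http.RequestRefreshTokenAsync(new RefreshTokenRequest
            {
                Address = _tokenEndpoint,
                ClientId = "wpf",
                ClientSecret = "secret",
                RefreshToken = _store.ReadRefreshToken() // always the latest stored value
            });
            if (response.IsError)
                throw new InvalidOperationException("Refresh failed: " + response.Error);

            // Persist the rotated refresh token before returning; the one just sent is spent.
            _store.WriteTokens(response.AccessToken, response.RefreshToken);
            return response.AccessToken;
        }
        finally { _gate.Release(); }
    }
}
```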