
interface Duende.IdentityServer.Services.IRefreshTokenService

Assembly: Duende.IdentityServer

Handles the lifecycle of refresh tokens, including validation, creation, and rotation. The default implementation is DefaultRefreshTokenService. Rather than implementing this interface from scratch, it is recommended to derive from the default implementation and override its virtual methods, in particular AcceptConsumedTokenAsync, to customize how consumed one-time-use tokens are handled (e.g. to add a grace period for network failures or to treat replay as an attack and revoke access).

Methods

ValidateRefreshTokenAsync(string token, Models.Client client, System.Threading.CancellationToken ct)
Validates the provided refresh token string against the given client, checking expiry, client binding, and whether the token has been consumed (for one-time-use tokens).
Returns A Duende.IdentityServer.Validation.TokenValidationResult indicating whether the token is valid. On failure, the result contains an error code and description explaining the reason.
token The raw refresh token handle to validate.
client The client that is presenting the refresh token.
ct The cancellation token.
CreateRefreshTokenAsync(Models.RefreshTokenCreationRequest request, System.Threading.CancellationToken ct)
Creates a new refresh token for the given request and persists it to the grant store.
Returns The opaque refresh token handle (a string key) that the client should store and present when requesting new access tokens.
request The refresh token creation request containing the subject, access token, and client for which the refresh token is being created.
ct The cancellation token.
UpdateRefreshTokenAsync(Models.RefreshTokenUpdateRequest request, System.Threading.CancellationToken ct)
Updates an existing refresh token according to the client's token usage policy (e.g. sliding expiration or one-time-use rotation) and persists the changes.
Returns The refresh token handle to return to the client. For sliding or absolute expiration tokens this may be the same handle; for one-time-use tokens a new handle is issued.
request The refresh token update request containing the current token handle, the refresh token model, and the client whose policy governs the update behavior.
ct The cancellation token.
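
The lifecycle described on this page, modeled stand-alone as an added example (not Duende's code and not part of the original reference): one-time-use rotation, validation of a consumed handle, and the grace-period-or-revoke decision that an AcceptConsumedTokenAsync override would make. Token, RotationModel, the 10-second grace period and the sample client and subject are hypothetical; no Duende types are used.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
// Constructed scenario: client "spa", subject "alice", fixed clock, 10 s grace period.
var now = new DateTime(2024, 1, 1, 12, 0, 0, DateTimeKind.Utc);
var model = new RotationModel { Grace = TimeSpan.FromSeconds(10) };
var h1 = model.Create("spa", "alice", now, TimeSpan.FromDays(1));
var h2 = model.Update(h1, now); // rotation consumes h1 and issues h2
Console.WriteLine(model.Validate(h1, "spa", now.AddSeconds(3)) ?? "valid"); // retry inside the grace period
Console.WriteLine(model.Validate(h1, "spa", now.AddMinutes(5)) ?? "valid"); // replay long after rotation
Console.WriteLine(model.Validate(h2, "spa", now.AddMinutes(5)) ?? "valid"); // successor, checked after the replay

// Hypothetical stand-in for a stored refresh token; not a Duende type.
record Token(string Handle, string ClientId, string SubjectId, DateTime Expires) { public DateTime? ConsumedTime { get; set; } }
class RotationModel
{
    readonly Dictionary<string, Token> _store = new();
    public TimeSpan Grace { get; init; }
    public string Create(string clientId, string subjectId, DateTime now, TimeSpan lifetime)
    {
        var handle = Convert.ToHexString(RandomNumberGenerator.GetBytes(32)); // opaque, unguessable
        _store[handle] = new Token(handle, clientId, subjectId, now + lifetime);
        return handle;
    }
    // Returns null when the token is valid, otherwise the reason for rejection.
    public string? Validate(string handle, string clientId, DateTime now)
    {
        if (!_store.TryGetValue(handle, out var t)) return "unknown handle";
        if (t.ClientId != clientId) return "bound to another client";
        if (t.Expires <= now) return "expired";
        if (t.ConsumedTime is DateTime used && !AcceptConsumed(t, used, now)) return "consumed";
        return null;
    }
    // Decision point: accept inside the grace period, else treat reuse as replay and revoke.
    bool AcceptConsumed(Token t, DateTime used, DateTime now)
    {
        if (now - used <= Grace) return true;
        foreach (var tok in _store.Values.Where(x => x.SubjectId == t.SubjectId && x.ClientId == t.ClientId).ToList())
            _store.Remove(tok.Handle); // every token held for this subject and client
        return false;
    }
    public string Update(string handle, DateTime now) // one-time-use rotation
    {
        var old = _store[handle];
        old.ConsumedTime ??= now;      // keep the first consumption time on retries
        return Create(old.ClientId, old.SubjectId, now, old.Expires - now);
    }
}
```

Revoking the whole subject/client set on replay also invalidates the legitimate client's newest handle, which forces re-authentication; that is the trade-off against a longer grace period.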