问题
I'm currently trying to implement silent refresh follow this workaround
However, even when I'm logged in, if I try to do an AJAX GET request to the oauth2/authorize endpoint, I get a status of 200. I tried going to the URL in the browser directly, and it worked. Do I need to pass additional information?
Any help would be greatly appreciated, thanks!
回答1:
I ended up solving my own problem and was able to not have to use an iframe.
Solution to original problem (I was using authorization code flow):
- Set up an endpoint on your server with a silent response that FusionAuth can redirect to (endpoint 1).
- Set up an endpoint that you will call from your app to perform the silent refresh (endpoint 2).
- From the app, send AJAX GET request to endpoint 2.
- On the server side of endpoint 2, send AJAX GET request to FusionAuth with
redirect_uri=(endpoint 2) - On success, get redirected url. (In express.js with axios I did
response.request.res.responseUrl) - If the url is current server host and not the fusionauth service host, complete auth code flow. Return the token and tell the browser that the user is logged in.
- In all other cases the user is not logged in, so return to app that user is not logged in.
来源:https://stackoverflow.com/questions/61531844/attempting-to-implement-silent-refresh-with-fusion-auth