Is there an existing issue for this?
Describe the bug
Currently, there is a lack of consistency between the /login and /refresh endpoints regarding the naming of the refresh token field. While the /login endpoint returns the field with the name refresh_token, the /refresh endpoint expects the field to be named refreshtoken (without an underscore). This inconsistency in field naming can lead to confusion and may result in errors when attempting to use the /refresh endpoint.
Expected Behavior
Both the /login and /refresh endpoints should consistently use the same field name for the refresh token. It is probably because the JsonPropertyName attribute is missing in the request model of the /refresh endpoint.
```csharp
internal sealed class RefreshRequest
{
    public required string RefreshToken { get; init; }
}
```
Steps To Reproduce
```csharp
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;

var builder = WebApplication.CreateBuilder(args);

// Bearer-token authentication backed by ASP.NET Core Identity.
builder.Services
    .AddAuthentication()
    .AddIdentityBearerToken<IdentityUser>();

// Identity services, the API endpoint support and the EF Core user store.
builder.Services
    .AddIdentity<IdentityUser, IdentityRole>()
    .AddApiEndpoints()
    .AddEntityFrameworkStores<IdentityDbContext>();

builder.Services.AddDbContext<IdentityDbContext>(options =>
{
    options.UseSqlServer("Data Source=(LocalDb)\\MSSQLLocalDB;Initial Catalog=Identity;Integrated Security=SSPI;", b => b.MigrationsAssembly("WebApplication1"));
});

var app = builder.Build();

// Maps the Identity endpoints, including /login and /refresh.
app.MapIdentityApi<IdentityUser>();

app.Run();
```
/login request:
```bash
curl --location 'https://localhost:7042/login' \
  --header 'Content-Type: application/json' \
  --data-raw '{
    "username": "john@domain.net",
    "password": "Password1234!"
  }'
```
/login response:
```json
{
  "token_type": "Bearer",
  "access_token": "CfDJ8BWcIFpA3QRIpFn4fo6KC...",
  "expires_in": 3600,
  "refresh_token": "CfDJ8BWcIFpA3QRIpFn4fo6KC..."
}
```
/refresh request:
```bash
curl --location 'https://localhost:7042/refresh' \
  --header 'Content-Type: application/json' \
  --data '{
    "refreshtoken": "CfDJ8BWcIFpA3QRIpFn4fo6KC..."
  }'
```
Exceptions (if any)
No response
.NET Version
8.0.100-preview.6.23330.14
Anything else?
No response
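The binding behaviour described in the report can be reproduced outside the endpoint with System.Text.Json alone. This is an added example, not code from the issue or from ASP.NET Core. It assumes the endpoint binds with the serializer's web defaults; `RefreshRequestAsShipped` mirrors the snippet in the report, `RefreshRequestRenamed` is a hypothetical model carrying the attribute the reporter suggests, and the token values are constructed.

```csharp
using System;
using System.Text.Json;
using System.Text.Json.Serialization;

// Constructed /login response body; token values are placeholders.
const string loginResponse =
    """{"token_type":"Bearer","access_token":"constructed-access","expires_in":3600,"refresh_token":"constructed-refresh"}""";

// Assumption: request bodies are bound with System.Text.Json web defaults
// (camelCase naming policy, case-insensitive property matching).
var web = new JsonSerializerOptions(JsonSerializerDefaults.Web);

// A client reads the token from /login under the name the server used.
using var doc = JsonDocument.Parse(loginResponse);
string token = JsonSerializer.Serialize(doc.RootElement.GetProperty("refresh_token").GetString());

// The two request bodies a client might send to /refresh.
string snakeCase = "{\"refresh_token\":" + token + "}";
string runTogether = "{\"refreshtoken\":" + token + "}";

// Deserialize and report whether the token was bound. A missing `required`
// member surfaces as a JsonException, which is the only failure expected here.
static string Bind<T>(string json, JsonSerializerOptions options, Func<T, string> read)
{
    try { return "bound " + read(JsonSerializer.Deserialize<T>(json, options)!); }
    catch (JsonException) { return "rejected (required property missing)"; }
}

Console.WriteLine("as shipped + refresh_token: " + Bind<RefreshRequestAsShipped>(snakeCase, web, r => r.RefreshToken));
Console.WriteLine("as shipped + refreshtoken:  " + Bind<RefreshRequestAsShipped>(runTogether, web, r => r.RefreshToken));
Console.WriteLine("renamed + refresh_token:    " + Bind<RefreshRequestRenamed>(snakeCase, web, r => r.RefreshToken));
Console.WriteLine("renamed + refreshtoken:     " + Bind<RefreshRequestRenamed>(runTogether, web, r => r.RefreshToken));

// Mirrors the request model quoted in the report: no explicit JSON name.
internal sealed class RefreshRequestAsShipped
{
    public required string RefreshToken { get; init; }
}

// Hypothetical variant with the JSON name aligned to the /login response.
internal sealed class RefreshRequestRenamed
{
    [JsonPropertyName("refresh_token")]
    public required string RefreshToken { get; init; }
}
```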
RefreshRequest source referenced in the report: aspnetcore/src/Identity/Core/src/DTO/RefreshRequest.cs, lines 6 to 9 in 84bd0ec