Raf*_*ack 7 c# openid asp.net-core identityserver4 refresh-token
我在 IdentityServer4 中请求新的刷新令牌时遇到一些问题。身份验证后的某个时间,我从 API 收到未经授权的响应,好的,但是当我尝试请求新的刷新令牌时,我从服务器收到 invalid_grant。我确保设置了offline_access,但仍然遇到问题。这是我的代码:
服务器 Config.cs 中的我的客户端
new Client
{
ClientId = "myclientId",
ClientName = "MyClient",
AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
RequireConsent = false,
ClientSecrets =
{
new Secret("mySecret".Sha256())
},
RedirectUris = { "http://localhost:5002/signin-oidc" },
PostLogoutRedirectUris = { "http://localhost:5002/signout-callback-oidc" },
AllowOfflineAccess = true,
UpdateAccessTokenClaimsOnRefresh = true,
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.OfflineAccess,
...
}
}
来自 MVCclient 的我的 Startup.cs
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationScheme = "Cookies",
AccessDeniedPath = "/Home/Error403"
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
AuthenticationScheme = "oidc",
SignInScheme = "Cookies",
Authority = Configuration["Identity.Url"],
RequireHttpsMetadata = false,
ClientId = Configuration["ClientId"],
ClientSecret = Configuration["ClientSecret"],
ResponseType = "code id_token",
Scope = { "openid profile offline_access" },
GetClaimsFromUserInfoEndpoint = true,
SaveTokens = true,
});
在这里我得到 invalid_grant
var disco = await DiscoveryClient.GetAsync(Configuration["Identity.Url"]);
if (disco.IsError) throw new Exception(disco.Error);
var tokenClient = new TokenClient(disco.TokenEndpoint, Configuration["ClientId"],
Configuration["ClientSecret"]);
var rt = await HttpContext.Authentication.GetTokenAsync("refresh_token");
var tokenResult = await tokenClient.RequestRefreshTokenAsync(rt);
tokenResult被分配invalid_grant。我错过了什么吗?
尝试更改 mvc 客户端配置中的这一行
Scope = { "openid", "profile", "offline_access" }
注意每个范围周围的引号
| 归档时间: |
|
| 查看次数: |
12468 次 |
| 最近记录: |