Sau*_*ala 8 c# oauth oauth-2.0 identityserver4 asp.net-core-2.0
我正在尝试在.net core 2.0 MVC上设置Identity Server 4 HybridAndClientCredentials。
但是遇到了错误 "Invalid grant type for client: implicit"(客户端的授权类型无效:隐式),
尽管我已经设置了 AllowedGrantTypes = GrantTypes.HybridAndClientCredentials。
我下载了示例快速入门,它可以正常运行,但我找不出自己的代码里缺少了哪一行。
调试输出:
IdentityServer4.Validation.AuthorizeRequestValidator:
Error: Invalid grant type for client: implicit
{
"ClientId": "consultee",
"ClientName": "consultee Client test",
"RedirectUri": "http://consultee.mi.local:44352/signin-oidc",
"AllowedRedirectUris": [
"http://consultee.mi.local:44352/signin-oidc"
],
"SubjectId": "anonymous",
"ResponseType": "id_token",
"ResponseMode": "form_post",
"GrantType": "implicit",
"RequestedScopes": "",
"State": "CfDJ8KERs5ihv_5Ll9ddYi6Nj5lkLNGQptrJwHqbSD11g27zqVxPcKxLKvbMtd5ab5LPbV15yaCNlHlzpPgRQL4R2XSue8ka_fqLBWFfXad-sRNCyY03JxgL7HZDKDrph-G4hdvRRMvBtXUc0tq2tHd7ZGX7-djehs8aHD6-P_80UfFplHCYkvARV7I64Kb5ki4cFVmLE6G8EbWIUwir6HJpkgK1CbN_IuPtBTjaLZoBOEzpxWTRVaudsD4vZFxdTv4N51ufkn8jy7GPC0pf3xCGInQpA-FziHp681qmiWbCxlp9HuAIZBem-at9dNvC29yRBw4JbcoTSrjuHkq6G6gZtXVh1YuuQYIW9R4wklmlSEX4i8kxM8zJTog98Ce3OFsYnw",
"Raw": {
"client_id": "consultee",
"redirect_uri": "http://consultee.mi.local:44352/signin-oidc",
"response_type": "id_token",
"scope": "openid profile api1 offline_access",
"response_mode": "form_post",
"nonce": "636626718480261618.MDYwZjE0MjMtNzczMi00ZjQ4LTk0NWUtZjQ1ZDNjM2VjZTRhOWI0NWM0MjMtNGM3Ni00ZDA3LWIyZDctMDcwNTc3ZDU0NGYy",
"state": "CfDJ8KERs5ihv_5Ll9ddYi6Nj5lkLNGQptrJwHqbSD11g27zqVxPcKxLKvbMtd5ab5LPbV15yaCNlHlzpPgRQL4R2XSue8ka_fqLBWFfXad-sRNCyY03JxgL7HZDKDrph-G4hdvRRMvBtXUc0tq2tHd7ZGX7-djehs8aHD6-P_80UfFplHCYkvARV7I64Kb5ki4cFVmLE6G8EbWIUwir6HJpkgK1CbN_IuPtBTjaLZoBOEzpxWTRVaudsD4vZFxdTv4N51ufkn8jy7GPC0pf3xCGInQpA-FziHp681qmiWbCxlp9HuAIZBem-at9dNvC29yRBw4JbcoTSrjuHkq6G6gZtXVh1YuuQYIW9R4wklmlSEX4i8kxM8zJTog98Ce3OFsYnw",
"x-client-SKU": "ID_NET",
"x-client-ver": "2.1.4.0"
}
}
客户端定义(Client)
// IdentityServer-side registration of the "consultee" client (sample values from the question).
new Client
{
ClientId = "consultee",
ClientName = "consultee Client test",
// Only the hybrid and client-credentials grants are allowed. The request in the debug output
// above (response_type=id_token) was classified as "implicit", which is not allowed here,
// hence "Invalid grant type for client: implicit".
AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
ClientSecrets =
{
// Sample value: the literal string "secret", stored as its SHA-256 hash.
// NOTE(review): a real deployment needs a generated, high-entropy secret kept out of source.
new Secret("secret".Sha256())
},
// NOTE(review): plain-http redirect URIs carry the sign-in response unencrypted;
// acceptable on a local test host only, use https elsewhere.
RedirectUris = { "http://consultee.mi.local:44352/signin-oidc" },
PostLogoutRedirectUris = { "http://consultee.mi.local:44352/signout-callback-oidc" },
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
"api1"
},
// Lets this client request the offline_access scope, i.e. refresh tokens.
AllowOfflineAccess = true,
// Permits access tokens to be returned through the browser.
// NOTE(review): a hybrid client that only uses "code id_token" does not need this; leaving it
// false keeps access tokens on the back channel.
AllowAccessTokensViaBrowser = true,
}
客户端的ConfigurationService
// Client (MVC) application: cookie sign-in with an OpenID Connect challenge against IdentityServer.
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc();
// Drop the default JWT-to-.NET claim type mapping so claims keep the names the token carries.
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
services.AddAuthentication(options =>
{
// Local sessions use the "Cookies" scheme; unauthenticated requests are challenged via "oidc".
options.DefaultScheme = "Cookies";
options.DefaultChallengeScheme = "oidc";
})
.AddCookie("Cookies")
.AddOpenIdConnect("oidc", options =>
{
options.SignInScheme = "Cookies";
options.Authority = Configuration["identityServerUri"];
// NOTE(review): allows the discovery document and keys to be fetched over plain http.
// Development-only setting; with it off, the authority must be https.
options.RequireHttpsMetadata = false;
options.ClientId = "consultee";
// NOTE(review): sample secret hard-coded in source; load it from configuration or a secret store.
options.ClientSecret = "secret";
// Stores the tokens returned by IdentityServer in the authentication properties of the
// sign-in scheme, so the "Cookies" session ends up carrying them.
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
// NOTE(review): no ResponseType is set here. The debug output shows response_type=id_token
// being sent, which IdentityServer treats as the implicit grant; a hybrid client has to ask
// for a hybrid response type such as "code id_token".
options.Scope.Add("api1");
options.Scope.Add("offline_access");
});
}
IdServer上的ConfigurationService
/// <summary>
/// Registers MVC and an IdentityServer instance whose keys, resources, clients and users
/// all come from in-memory sample configuration.
/// </summary>
/// <param name="services">Service collection the registrations are added to.</param>
public void ConfigureServices(IServiceCollection services)
{
    services.AddMvc();

    // configure identity server with in-memory stores, keys, clients and scopes
    var identityServer = services.AddIdentityServer();

    // Developer signing credential: a convenience key for local runs.
    // NOTE(review): production needs persistent, protected signing key material instead.
    identityServer = identityServer.AddDeveloperSigningCredential();

    // Identity resources, API resources and clients are read once from the Config class.
    identityServer = identityServer.AddInMemoryIdentityResources(Config.GetIdentityResources());
    identityServer = identityServer.AddInMemoryApiResources(Config.GetApiResources());
    identityServer = identityServer.AddInMemoryClients(Config.GetClients());

    // Test users defined in Config; NOTE(review): sample accounts, not a real user store.
    identityServer.AddTestUsers(Config.GetUsers());

    services.AddAuthentication();
}
DaI*_*mTo 10
日志告诉您问题所在
Error: Invalid grant type for client: implicit(客户端的授权类型无效:隐式)
您以隐式客户端身份登录。
// Excerpt of the client's OpenID Connect registration. No ResponseType is set, and the debug
// output in the question shows response_type=id_token, which IdentityServer classifies as implicit.
.AddOpenIdConnect("oidc", options =>
{
options.SignInScheme = "Cookies";
options.Authority = Configuration["identityServerUri"];
// NOTE(review): development-only; lets metadata be fetched over plain http.
options.RequireHttpsMetadata = false;
options.ClientId = "consultee";
// NOTE(review): sample secret hard-coded in source.
options.ClientSecret = "secret";
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
options.Scope.Add("api1");
// offline_access asks for a refresh token, which the implicit grant does not provide.
options.Scope.Add("offline_access");
});
而您在身份服务器中配置的是混合(hybrid)客户端
// Server-side client registration as quoted in the answer.
new Client
{
ClientId = "consultee",
ClientName = "consultee Client test",
// Hybrid and client-credentials grants only; an implicit request (response_type=id_token) is refused.
AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
ClientSecrets =
{
// Sample value: the literal "secret", stored hashed. NOTE(review): not suitable outside a demo.
new Secret("secret".Sha256())
},
// NOTE(review): the host here (consultee.migrology.local) differs from the redirect_uri in the
// question's debug output (consultee.mi.local). The registered URI presumably has to match the
// one the client sends exactly, so confirm which is intended. Both are plain http, which is for
// local testing only.
RedirectUris = { "http://consultee.migrology.local:44352/signin-oidc" },
PostLogoutRedirectUris = { "http://consultee.migrology.local:44352/signout-callback-oidc" },
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
"api1"
},
// Lets this client request the offline_access scope, i.e. refresh tokens.
AllowOfflineAccess = true,
// Permits access tokens to be returned through the browser.
// NOTE(review): not needed when the client only uses "code id_token".
AllowAccessTokensViaBrowser = true,
}
因此服务器不会允许该请求。您需要把客户端代码改为使用混合流程登录,或者把身份服务器上的客户端改为隐式客户端。(注意:隐式流程不会签发刷新令牌,而这里请求了 offline_access,所以改为混合流程更合适。)
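改为混合流程(hybrid)
为了将隐式登录更改为混合登录,您需要更改一些内容。最关键的一处是在客户端的 AddOpenIdConnect 选项中显式设置混合流程的响应类型,例如 options.ResponseType = "code id_token";否则中间件会发送 id_token(如上面日志中的 response_type 所示),被身份服务器判定为隐式授权。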