在本地主机上,我已经能够从服务器成功获取声明和访问令牌;但把同样的代码部署到启用 SSL 的生产环境后,流程似乎卡在 /connect/authorize/callback?client_id=… 上。它本应重定向到我的 www.something.com.my/Secure 页面,但在登录 Google 之后却一直停留在 /connect/authorize。
这是我的配置
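/// <summary>
/// Registers MVC, IdentityServer4 (in-memory clients/identity resources, a custom
/// profile service) and the Google/Facebook external sign-in handlers for the
/// identity host.
/// </summary>
/// <param name="services">The host's service collection.</param>
public void ConfigureServices(IServiceCollection services)
{
    services.AddMvc();

    // NOTE(review): no signing credential is registered. AddDeveloperSigningCredential()
    // is commented out and nothing replaces it, so IdentityServer has no key to sign
    // id_tokens/access tokens with in production. Register a real key, e.g.
    // .AddSigningCredential(certificate) loaded from the machine store or a key vault,
    // and keep AddDeveloperSigningCredential() for Development only.
    services.AddIdentityServer()
        .AddInMemoryClients(ConfigureIdentityServer.GetClients())
        .AddInMemoryIdentityResources(ConfigureIdentityServer.GetIdentityResources())
        // Registers UserProfileService as the transient IProfileService (this is what
        // adds the custom claims); the separate AddTransient<IProfileService, ...>
        // registration that used to follow was a duplicate and has been dropped.
        .AddProfileService<UserProfileService>();

    services.AddSingleton<IUserStore, UserStore>();
    services.AddTransient<IPersistedGrantStore, PersistedGrantStore>();

    services.AddAuthentication()
        .AddGoogle("Google", options =>
        {
            // External logins are parked in IdentityServer's temporary external cookie;
            // the external-login controller then turns that into the local session.
            options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;

            // Dev and Prod share the same Google app, so the production callback
            // (by default https://<host>/api/signin-google when IdentityServer is hosted
            // under /api) must be registered with Google as well as the localhost one.
            // TODO: read ClientId/ClientSecret from configuration (user-secrets,
            // environment or a key vault) instead of keeping them in source.
            options.ClientId = "xxx.apps.googleusercontent.com";
            options.ClientSecret = "xxx";

            // The handler already requests openid/profile/email. The additional
            // "https://www.googleapis.com/auth/plus.me" scope belongs to the Google+ API,
            // which Google has retired, so it is no longer requested here.
        })
        .AddFacebook("Facebook", options =>
        {
            options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;

            // Production Facebook app credentials (Dev used a separate app).
            // TODO: as for Google, move these out of source into configuration.
            options.ClientId = "xxx";
            options.ClientSecret = "xxx";
        });
}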
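/// <summary>
/// Builds the identity host's request pipeline: IdentityServer (which also
/// installs the authentication middleware), static files, then MVC.
/// </summary>
/// <param name="app">Application builder.</param>
/// <param name="env">Hosting environment; selects the Development-only extras.</param>
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();

        // Application Insights is optional. GetService returns null when it is not
        // registered, so a null check replaces the former empty catch block, which
        // would also have hidden any genuine resolution error.
        var telemetry = app.ApplicationServices.GetService<TelemetryConfiguration>();
        if (telemetry != null)
        {
            telemetry.DisableTelemetry = true;
        }
    }

    // NOTE(review): IdentityServer builds its issuer, redirect and callback URLs
    // from the incoming request. If TLS terminates at a reverse proxy, or the site
    // runs under /api as a sub-application, the app must see the public https
    // scheme, host and path base - add app.UseForwardedHeaders(...) and/or
    // app.UsePathBase("/api") ahead of UseIdentityServer() in that case. The hosting
    // topology is not visible here, so confirm against the deployment.
    app.UseIdentityServer(); // includes a call to UseAuthentication
    app.UseStaticFiles();
    app.UseMvcWithDefaultRoute();
}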
客户端启动.cs
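/// <summary>
/// Registers MVC, the MySQL DbContext, and cookie + OpenID Connect
/// authentication that signs users in against the IdentityServer host.
/// </summary>
/// <param name="services">The application's service collection.</param>
public void ConfigureServices(IServiceCollection services)
{
    services.AddMvc();

    var connection = Configuration.GetConnectionString("DatabaseConnection");
    services.AddDbContext<DatabaseContext>(options => options.UseMySql(connection));

    // Keep claim types exactly as IdentityServer issues them ("sub", "name", ...)
    // instead of remapping them to the long Microsoft claim URIs.
    JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

    services.AddAuthentication(options =>
        {
            options.DefaultScheme = "Cookies";
            options.DefaultChallengeScheme = "oidc";
        })
        .AddCookie("Cookies")
        .AddOpenIdConnect("oidc", options =>
        {
            options.SignInScheme = "Cookies";

            // Production authority: the IdentityServer host lives under /api on the
            // same site as this client. RequireHttpsMetadata stays true so discovery
            // is never fetched over plain http; the localhost authority used in
            // development belongs in a Development configuration, not a comment toggle.
            options.Authority = "https://www.something.com.my/api";
            options.RequireHttpsMetadata = true;

            options.ClientId = "OnlineForm.Client";

            // The client secret must not live in source. It is read from configuration
            // (user-secrets in Development, environment/key vault in Production); the
            // key name is a suggestion - pick one and document it. The value has to match
            // the Sha256 secret registered for this client on the IdentityServer side.
            options.ClientSecret = Configuration["Authentication:Oidc:ClientSecret"];

            // Hybrid flow: the id_token arrives on the front channel, the code is
            // redeemed on the back channel with the client secret.
            options.ResponseType = "code id_token";
            options.SaveTokens = true;
            options.GetClaimsFromUserInfoEndpoint = true;

            // CallbackPath is left at its default, /signin-oidc. That is the only
            // redirect_uri this handler ever sends, so it is the one (and only) URI
            // that needs to be in the server-side RedirectUris allow-list.
        });
}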
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
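/// <summary>
/// Builds the client's request pipeline: error handling, static files,
/// authentication (cookie + OIDC), then MVC routing.
/// </summary>
/// <param name="app">Application builder.</param>
/// <param name="env">Hosting environment; selects the Development-only extras.</param>
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
        app.UseBrowserLink();
    }
    else
    {
        app.UseExceptionHandler("/Home/Error");
    }

    // Static files are served ahead of authentication so css/js requests skip the
    // cookie/OIDC processing; they were never protected by it in the original order.
    app.UseStaticFiles();

    // NOTE(review): behind a TLS-terminating proxy the OIDC handler must see the
    // public https scheme and host to build redirect_uri (https://<host>/signin-oidc);
    // otherwise it sends an http redirect_uri that IdentityServer will reject.
    // Add app.UseForwardedHeaders(...) in front of this if that is the production setup.
    app.UseAuthentication();

    app.UseMvc(routes =>
    {
        routes.MapRoute(
            name: "default",
            template: "{controller=Home}/{action=Index}/{id?}");
    });
}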
和配置
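/// <summary>
/// In-memory client registrations for IdentityServer: a single hybrid-flow MVC
/// client, "OnlineForm.Client", hosted at https://www.something.com.my.
/// </summary>
/// <returns>The client definitions consumed by <c>AddInMemoryClients</c>.</returns>
public static IEnumerable<Client> GetClients()
{
    return new List<Client>
    {
        new Client
        {
            ClientId = "OnlineForm.Client",
            ClientName = "www.something.com.my",
            ClientUri = "https://www.something.com.my",

            // NOTE(review): the MVC client only uses the hybrid flow ("code id_token").
            // Drop ClientCredentials unless something really calls the token endpoint
            // with this client's secret - every extra grant type is another way the
            // secret can be exercised.
            AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
            // Must equal the plaintext secret the client sends (stored hashed here).
            ClientSecrets = { new Secret("xxx".Sha256()) },

            RequireConsent = false,
            AllowRememberConsent = false,

            // Only the OIDC middleware callback is a legitimate redirect_uri.
            // "/Secure" was listed too, but it is the page the client navigates to
            // locally after sign-in, never a redirect_uri sent to /connect/authorize,
            // so it has been removed from the allow-list. The localhost URIs used in
            // development belong in a Development configuration rather than in
            // commented-out code.
            RedirectUris = { "https://www.something.com.my/signin-oidc" },
            PostLogoutRedirectUris = { "https://www.something.com.my/signout-callback-oidc" },

            AlwaysIncludeUserClaimsInIdToken = true,
            UpdateAccessTokenClaimsOnRefresh = true,

            AllowedScopes = new List<string>
            {
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Profile,
                IdentityServerConstants.StandardScopes.Email,
                IdentityServerConstants.StandardScopes.Phone,
                IdentityServerConstants.StandardScopes.Address,
                // Custom/API scopes; their resource definitions are not on this page.
                "OnlineForm.Client",
                "user_birthday",
                "user_gender",
            }
        }
    };
}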
有趣又奇怪的是,它在 localhost 上运行得很顺利。另外,我之前也试过把客户端放在子域 A、IdentityServer 放在子域 B 上运行,结果出现了同样的错误。我不知道该怎么调试这个问题,有什么想法吗?
客户在 www.something.com.my
IDS 位于 www.something.com.my/api