Eri*_*man 8 .net javascript c# identityserver3 angular
所以我有以下设置:
前端:AngularJS App
后端:使用Identity Server的WebApi来验证客户端
在我的后端,我创建了一个新的内存客户端,如下所示:
new Client
{
Enabled = true,
ClientId = "myapp.mycompany",
ClientUri = "https://myapp.mycompany.com",
ClientName = "My Client",
Flow = Flows.Implicit,
AllowAccessToAllScopes = true,
IdentityTokenLifetime = 300,
AccessTokenLifetime = 3600,
RequireConsent = false,
RedirectUris = new List<string>
{
"https://myapp.mycompany.com/assets/idSrv/callback.html",
"https://myapp.mycompany.com/assets/idSrv/silentrefreshframe.html"
},
PostLogoutRedirectUris = new List<string>
{
"https://myapp.mycompany.com/index.html"
}
},
在我的前端,我有以下代码声明客户端,我使用oidc-token-manager.js客户端
var authority = 'https://sts.mycompany.com/identity';
return {
baseUri: protocol,
tokenConfig: {
'client_id': 'myapp.mycompany',
'authority': authority,
'redirect_uri': 'https://myapp.mycompany.com/assets/idSrv/callback.html',
'post_logout_redirect_uri': 'https://myapp.mycompany.com/index.html',
'response_type': 'id_token token',
'scope': 'openid profile roleScope webApiScope',
'silent_redirect_uri': 'https://myapp.mycompany.com/assets/idSrv/silentrefreshframe.html',
'silent_renew': true
},
isDebugging: isDebugging
};
当我尝试访问我的网站时:
我收到以下错误:
客户端应用程序未知或未经授权.
我启用了日志记录,这是我得到的:
"Unknown client or not enabled: myapp.mycompany"
"{
\"RedirectUri\": \"https://myapp.mycompany.com/assets/idSrv/callback.html\",
\"SubjectId\": \"unknown\",
\"Flow\": \"AuthorizationCode\",
\"RequestedScopes\": \"\",
\"Raw\": {
\"state\": \"18141519257414835\",
\"nonce\": \"8585758378803323\",
\"client_id\": \"myapp.mycompany\",
\"redirect_uri\": \"https://myapp.mycompany.com/assets/idSrv/callback.html\",
\"response_type\": \"id_token token\",
\"scope\": \"openid profile roleScope webApiScope\"
}
}"
End authorize request
3001: "Endpoint failure" / "Endpoints" (Failure), Context: EventContext { ..., Details: EndpointDetail { EndpointName: "authorize" }
可能你必须允许你的clientRoot在cors起源,我看到流程是不一样的.
我在客户端配置中看到隐式流,但服务器显示授权代码流!
"myApp": {
"ClientId": "spa-myApp",
"ClientName": "myAppSPA",
"ClientUri": "http://localhost:4200",
"RequireConsent": false,
"AllowedGrantTypes": [ "implicit" ],
"AllowAccessTokensViaBrowser": true,
"RedirectUris": [
"http://localhost:4200/assets/html/popup-login-redirect.html",
"http://localhost:4200/assets/html/silent-refresh-redirect.html"
],
"PostLogoutRedirectUris": [ "http://localhost:4200?postLogout=true" ],
"FrontChannelLogoutUri": "http://localhost:4200?frontchannellogout=true",
"FrontChannelLogoutSessionRequired": true,
"AllowedCorsOrigins": [ "http://localhost:4200" ], // here you have to add your client root
"AllowedScopes": [ "openid", "profile", "qsdqsdqs", "qdqsd" ],
"IdentityTokenLifetime": 18000,
"AccessTokenLifetime": 18000
},