I am developing a web api for use with IdentityServer3.
I have the server and the web api running, but I am having trouble figuring out how to have users login from a mobile app to the server.
My question is this: if I have implicit flow enabled for the identity server, how do users sign in from a tool like Fiddler to receive their tokens upon successful authentication?
I know the token endpoint is: https://myidservername/identity/connect/token
I also know that the authorization endpoint is: https://myidservername/identity/connect/authorization
But where do users sign in? Do I have to create my own view for users to be able to pass a username and password and receive a token? More specifically, my question is how to sign in from Fiddler, not from a dedicated view that I would have to render to users.
Recommended answer
IdentityServer is an all-in-one OpenID + OAuth 2 implementation; for this reason, Implicit Flow is entirely handled by IdentityServer itself, using the authorize endpoint as a bridge between an authentication request and the token issuing process.
The nature of Implicit Flow does not allow clients such as Fiddler (specifically, clients that cannot directly render a web page) to authenticate. To further understand why, I will try to reproduce the steps of the OAuth Implicit grant in a Web API/IdentityServer scenario:
As you can see, you have no way to authenticate a client that cannot inherently render the login page returned in step 4. For that class of clients, Resource Owner Credentials Flow may be a better solution.
You need to enable such a grant for your client inside the IdentityServer configuration (you may follow this tutorial to find out how), and then craft a request for the token endpoint, setting grant_type to password and providing all other required parameters.
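The token request described in the answer, as an added example that is not part of the original answer: it builds the raw request text that can be pasted into Fiddler's Composer and parses the JSON reply. The client id, client secret, user credentials and scope are constructed placeholders, and sending the client credentials with HTTP Basic is an assumption about how the client is registered.

```python
import base64
import json
from urllib.parse import urlencode, urlsplit

# Token endpoint as given in the question; every credential below is a constructed placeholder.
TOKEN_ENDPOINT = "https://myidservername/identity/connect/token"


def build_password_grant_request(endpoint, client_id, client_secret, username, password, scope):
    """Return the raw HTTP/1.1 text of an RFC 6749 section 4.3 token request."""
    url = urlsplit(endpoint)
    if url.scheme != "https":
        # The body carries the user's password, so refuse cleartext transport.
        raise ValueError("token endpoint must use https")
    # urlencode form-encodes values, so '&', '=' or spaces in a password cannot split parameters.
    body = urlencode({
        "grant_type": "password",
        "username": username,
        "password": password,
        "scope": scope,
    })
    # Client authentication via HTTP Basic (assumes the client is registered with a secret).
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return (
        f"POST {url.path} HTTP/1.1\r\n"
        f"Host: {url.netloc}\r\n"
        f"Authorization: Basic {basic}\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(body.encode())}\r\n"
        "\r\n"
        f"{body}"
    )


def parse_token_response(status, body_text):
    """Return the access token, or raise with the OAuth error code (RFC 6749 section 5.2)."""
    data = json.loads(body_text)
    if status != 200 or "access_token" not in data:
        raise PermissionError(data.get("error", "invalid_response"))
    return data["access_token"]


if __name__ == "__main__":
    print(build_password_grant_request(
        TOKEN_ENDPOINT, "mobile_app", "constructed-secret", "alice", "p@ss w&rd=1", "api1"))
```

The returned access token is then sent to the Web API in an `Authorization: Bearer` header.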