我正在尝试访问与IdentityServer3一起使用的令牌URL.服务器是通过以下方式配置的:
var options = new IdentityServerOptions { LoggingOptions = new LoggingOptions { WebApiDiagnosticsIsVerbose = true, EnableWebApiDiagnostics = true, EnableHttpLogging = true, EnableKatanaLogging= true }, Factory = new IdentityServerServiceFactory() .UseInMemoryClients(Clients.Get()) .UseInMemoryScopes(Scopes.Get()) .UseInMemoryUsers(Users.Get()), RequireSsl = false, EnableWelcomePage = false, }; app.UseIdentityServer(options);客户端配置:
new Client { Enabled = true, ClientName = "JS Client", ClientId = "js", Flow = Flows.Implicit, RedirectUris = new List<string> { "localhost:56522" }, AllowedCorsOrigins = new List<string> { "localhost:56522" }, AllowAccessToAllScopes = true }尝试将以下HTTP请求发布到令牌端点:
Content-Type:application/x-www-form-urlencoded grant_type:password redirect_uri:localhost:56522 client_id:js username:bob password:secret scope:api我收到无效的客户端错误消息,并显示日志: 操作返回了'IdentityServer3.Core.Results.TokenErrorResult'',Operation = ReflectedHttpActionDescriptor.ExecuteAsync
有什么主意我还想念什么?
解决方案您的请求正在使用password授予类型,这是OAuth资源所有者流,但您的客户端已配置为使用OpenID Connect隐式流. /p>
要么更改您的客户端配置以使用资源所有者"流,要么将您的请求更改为有效的OpenID Connect请求.
例如:GET /connect/authorize?client_id=js&scope=openid api&response_type=id_token token&redirect_uri=localhost:56522&state=abc&nonce=xyz.这将带您进入登录页面.
或更妙的是,使用建议的@Jenan之类的JavaScipt库,例如 IdentityModel oidc-客户为您处理这些请求.
I am trying to access token URL working with IdentityServer3. The Server is configured the following way:
var options = new IdentityServerOptions { LoggingOptions = new LoggingOptions { WebApiDiagnosticsIsVerbose = true, EnableWebApiDiagnostics = true, EnableHttpLogging = true, EnableKatanaLogging= true }, Factory = new IdentityServerServiceFactory() .UseInMemoryClients(Clients.Get()) .UseInMemoryScopes(Scopes.Get()) .UseInMemoryUsers(Users.Get()), RequireSsl = false, EnableWelcomePage = false, }; app.UseIdentityServer(options);The client configuration:
new Client { Enabled = true, ClientName = "JS Client", ClientId = "js", Flow = Flows.Implicit, RedirectUris = new List<string> { "localhost:56522" }, AllowedCorsOrigins = new List<string> { "localhost:56522" }, AllowAccessToAllScopes = true }Trying to POST the following HTTP request to token endpoint:
Content-Type:application/x-www-form-urlencoded grant_type:password redirect_uri:localhost:56522 client_id:js username:bob password:secret scope:apiI get Invalid client error message and log shows: Action returned 'IdentityServer3.Core.Results.TokenErrorResult'', Operation=ReflectedHttpActionDescriptor.ExecuteAsync
Any ideas what do I still miss?
解决方案Your request is using the password grant type, which is the OAuth Resource Owner flow, but your client is configured to use the OpenID Connect Implicit flow.
Either change your client configuration to use the Resource Owner flow, or change your request to be a valid OpenID Connect request.
For example: GET /connect/authorize?client_id=js&scope=openid api&response_type=id_token token&redirect_uri=localhost:56522&state=abc&nonce=xyz. This will take you to a login page.
Or better yet, use a JavaScipt library like @Jenan suggested, such as the IdentityModel oidc-client which handles these requests for you.
更多推荐
IdentityServer3,隐式流,如何获取令牌?
发布评论