时间戳

首页 > 解决方案 > 在 MAC 上使用 IdentityServer 4 时无法访问 API

asp.net-core - 在 MAC 上使用 IdentityServer 4 时无法访问 API

问题描述

我有 2 个使用 Identity Server 4 的 ASP.NET Core 2.1 应用程序(Auth 和 API)。

在 API 应用程序启动时,我有以下内容:

services
  .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
  .AddIdentityServerAuthentication(x => 
    x.ApiName = "api";
    x.Authority = "https://localhost:5005";
    x.RequireHttpsMetadata = false;
  });

在 Auth 应用程序启动时,我有以下配置:

services
  .AddIdentityServer()
  .AddDeveloperSigningCredential()
  .AddInMemoryIdentityResources(Config.GetIdentityResources())
  .AddInMemoryApiResources(Config.GetApiResources())    
  .AddInMemoryClients(Config.GetClients())
  .AddTestUsers(Config.GetTestUsers());

其中 Config 类如下:

public class Config {

  public static List<ApiResource> GetApiResources() {
    return new List<ApiResource> { 
      new ApiResource("api", "API Resource")
    };
  }

  public static List<IdentityResource> GetIdentityResources() {
    return new List<IdentityResource> { 
      new IdentityResources.OpenId(),
      new IdentityResources.Profile()        
    };
  }    

  public static List<Client> GetClients() {
    return new List<Client> { 
      new Client {      
        ClientId = "app",
        ClientName = "APP Client",        
        ClientSecrets = { new Secret("pass".Sha256()) },
        AllowedGrantTypes = GrantTypes.ClientCredentials,         
        AllowedScopes = { 
          "api"
        }
      }
   }

  public static List<TestUser> GetTestUsers() {
    return new List<TestUser> { 
      new TestUser { 
        SubjectId = "1", 
        Username = "john", 
        Password = "john", 
        Claims = new List<Claim> { new Claim("name", "John") } },
    };
  }

}

使用 Postman,我可以访问.well-known/openid-configuration并创建访问令牌。

但是,当我调用 API 时,出现以下错误:

Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[3]
Exception occurred while processing message.
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII is hidden by default. 
Set the 'ShowPII' flag in IdentityModelEventSource.cs to true to reveal it.]'. ---> System.IO.IOException: IDX20804: Unable to retrieve document from: '[PII is hidden by default. 
Set the 'ShowPII' flag in IdentityModelEventSource.cs to true to reveal it.]'. ---> System.Net.Http.HttpRequestException: 
The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

我跑dotnet dev-certs https --trust;了,本地证书出现在 Mac 钥匙串上。

重要
在 Windows 计算机上,我发布的代码可以正常工作。
我能够访问.well-known/openid-configuration和 API 端点。

我错过了什么?

标签: asp.net-coreidentityserver4

解决方案

推荐阅读