asp.net - https://localhost:5000/connect/token 400 错误请求 Identity Server Angular 9 OIDC 客户端
问题描述
我正在使用具有以下配置的 Identity Server 4 Mongo DB
private static string apiScope = "IdentityPortal.API";
public static IEnumerable<Client> GetClients()
{
// client credentials client
return new List<Client>
{
new Client
{
ClientId = "Local",
//ClientName = "Local",
AllowedCorsOrigins = new List<string> { "http://localhost:4200","https://localhost:4200" },
AllowedGrantTypes = GrantTypes.Code,
AllowAccessTokensViaBrowser = true,
AccessTokenLifetime=86400,
RequireConsent = false,
UpdateAccessTokenClaimsOnRefresh = true,
RedirectUris = LocalRedirectUris(),
PostLogoutRedirectUris = LocalRedirectUris(),
AllowedScopes = AllowedScopes(),
AllowOfflineAccess = true,
ClientSecrets =
{
new Secret("secret".Sha256())
},
}
};
}
private static ICollection<string> AllowedScopes()
{
return new List<string>
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email,
apiScope
};
}
角客户端
openID = {
authority: "https://localhost:5000",
client_id: "Local",
redirect_uri: "https://localhost:4200/auth-callback",
post_logout_redirect_uri: "https://localhost:4200",
response_type: "code",
scope : "openid profile email IdentityPortal.API",
silent_redirect_uri: `https://localhost:4200/assets/silent-callback.html`
};
我能够从身份服务器返回到客户端,但是在面临问题的回调组件上
Error: invalid_client
at XMLHttpRequest.s.onload [as __zone_symbol__ON_PROPERTYload] (oidc-client.min.js:1)
at XMLHttpRequest.wrapFn (zone-evergreen.js:1218)
at ZoneDelegate.invokeTask (zone-evergreen.js:399)
at Object.onInvokeTask (core.js:41814)
at ZoneDelegate.invokeTask (zone-evergreen.js:398)
at Zone.runTask (zone-evergreen.js:167)
at ZoneTask.invokeTask [as invoke] (zone-evergreen.js:480)
at invokeTask (zone-evergreen.js:1621)
at XMLHttpRequest.globalZoneAwareCallback (zone-evergreen.js:1658)
发生此错误是由于
const user = await this.authService.completeAuthentication();
async completeAuthentication(): Promise<Oidc.User> {
let user = await new Promise<Oidc.User>((resolve, reject) => {
this.userManager.signinRedirectCallback().then(user => { resolve(user) }).catch(error => { reject(error); });
});
this.user = user;
return this.user;
}
在 chrome 控制台上
https://localhost:5000/connect/token --> 400 错误请求
这是表单数据
解决方案
我需要更改配置设置才能工作
PKCE 已经是本机应用程序和 SPA 的官方推荐 - 随着 ASP.NET Core 3 的发布,OpenID Connect 处理程序也默认支持。
来自身份服务器 4 文档
var client = new Client
{
ClientId = "...",
// set client secret for confidential clients
ClientSecret = { ... },
// ...or turn off for public clients
RequireClientSecret = false,
AllowedGrantTypes = GrantTypes.Code,
RequirePkce = true
};
更新客户端配置
new Client
{
ClientId = "Local",
//ClientSecrets = new List<Secret> { secret },
ClientName = "Local",
AllowedCorsOrigins = new List<string> { "http://localhost:4200","https://localhost:4200" },
AllowedGrantTypes = GrantTypes.Code,
AllowAccessTokensViaBrowser = true,
AccessTokenLifetime=86400,
RequireConsent = false,
UpdateAccessTokenClaimsOnRefresh = true,
RedirectUris = LocalRedirectUris(),
PostLogoutRedirectUris = LocalRedirectUris(),
AllowedScopes = AllowedScopes(),
AllowOfflineAccess = true,
AccessTokenType = AccessTokenType.Jwt,
RequireClientSecret = false,
RequirePkce = true
}
推荐阅读
- excel-formula - 当一列中的值与另一列中的值匹配时,有关计算唯一IDS数量的Excel问题
- java - 如何获取通过谷歌登录的用户的firebase UID?
- reactjs - 如何正确设置它,这样我就不会对未安装的组件执行状态更新?
- reactjs - React Native App,如何在浏览器上运行?它不是一个世博项目
- ansible - 在 Ansible 中使用条件 when 语句,仅在调用某个版本的包时运行 playbook 中的任务
- javascript - 使用聚合 MongoDB 计算平均值
- linux - 单链中 BPF 过滤器之间的确切关系是什么
- wireshark - 尝试使用 Time Shift 工具时,Wireshark 给出错误
- python - AttributeError:模块'tensorflow_core.compat.v2'没有属性'__internal__'(一周前工作?)
- terraform - Terraform 无法检测到 mongodb .tf 文件中的所有更改