oauth - code_challenge 缺少 IdentityServer4 (v4.1.2) Mvc 客户端
问题描述
我想在我的应用程序中使用 Hybrid flow。我甚至在客户端配置中将 RequirePkce 设置为 false,但仍然收到错误 code_challenge is missing
客户端配置
// IdentityServer4 client registration for the MVC application, using the hybrid grant.
// NOTE(review): "code_challenge is missing" is what the authorize endpoint reports when the client it
// resolved still requires PKCE. If the error persists with RequirePkce = false below, confirm the running
// server actually uses this definition (e.g. clients kept in a persistent store are not changed by editing
// in-code configuration) - verify against the deployment.
new Client
{
ClientId = "mvc",
ClientName = "MVC Client",
ClientSecrets = new List<Secret>
{
// Sample value only: "secret" is guessable and hard-coded. Only its SHA-256 hash is registered here,
// but a real deployment needs a high-entropy secret supplied from configuration or a secret store.
new Secret("secret".Sha256())
},
ClientUri = $"{clientsUrl["Mvc"]}",
// Hybrid flow: the authorization response carries an authorization code together with an id_token.
AllowedGrantTypes = GrantTypes.Hybrid,
// Access tokens may not be returned through the browser (front channel).
AllowAccessTokensViaBrowser = false,
// Turns off the server-side requirement for a PKCE code_challenge on this client. Without PKCE the
// authorization code has less protection against interception and injection; current OAuth guidance
// favours the authorization code flow with PKCE over hybrid.
RequirePkce = false,
// No consent screen is shown for this client.
RequireConsent = false,
// Allows the offline_access scope, i.e. refresh tokens can be issued to this client.
AllowOfflineAccess = true,
// User claims are embedded in the id_token; with a hybrid response that token travels through the browser.
AlwaysIncludeUserClaimsInIdToken = true,
// Allow-list of sign-in callback URLs; /signin-oidc is the default callback path of the
// ASP.NET Core OpenID Connect handler.
RedirectUris = new List<string>
{
$"{clientsUrl["Mvc"]}/signin-oidc"
},
// Allow-list of URLs the user may be returned to after sign-out.
PostLogoutRedirectUris = new List<string>
{
$"{clientsUrl["Mvc"]}/signout-callback-oidc"
},
// Scopes this client may request; "things" and "rules" are presumably API scopes defined elsewhere - confirm.
AllowedScopes = new List<string>
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
"things",
"rules"
},
// Lifetimes are in seconds (60*60*2 = 7200).
// NOTE(review): two hours is long for an id_token (the IdentityServer4 default is 300 seconds) - confirm this is intended.
AccessTokenLifetime = 60*60*2, // 2 hours
IdentityTokenLifetime= 60*60*2 // 2 hours
}
MVC 客户端
// Registers cookie sign-in plus the OpenID Connect handler for the MVC client.
services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
// NOTE(review): the challenge scheme is JwtBearer, but no JwtBearer handler is registered in this snippet.
// An interactive MVC client normally challenges with the OpenID Connect scheme - confirm this is intended.
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
// Cookie lifetime in minutes; sessionCookieLifetime is defined outside this snippet.
.AddCookie(setup => setup.ExpireTimeSpan = TimeSpan.FromMinutes(sessionCookieLifetime))
.AddOpenIdConnect(options =>
{
// Successful OpenID Connect sign-ins are persisted through the cookie scheme.
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.Authority = identityUrl.ToString();
options.SignedOutRedirectUri = callBackUrl.ToString();
options.ClientId = "mvc";
// Hard-coded sample secret; outside of demos load it from configuration or secret storage.
options.ClientSecret = "secret";
// Disables PKCE on the client side.
// NOTE(review): as far as I know the ASP.NET Core handler only sends code_challenge when ResponseType is
// exactly "code", so with the hybrid response type below none is sent whatever this flag says. The
// client record the server resolves must then really have RequirePkce = false - verify.
options.UsePkce = false;
// Hybrid response type: authorization code plus an id_token in the authorization response.
options.ResponseType = "code id_token";
// Keeps the received tokens in the authentication properties of the cookie session.
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
// Permits a non-HTTPS authority and discovery document. Development only: over plain HTTP the metadata,
// signing keys and tokens can be read or altered in transit.
options.RequireHttpsMetadata = false;
options.Scope.Add("openid");
options.Scope.Add("profile");
});
解决方案
您正在使用代码流,我认为它需要 PKCE?
// "code id_token" is the hybrid response type (authorization code plus a front-channel id_token);
// the plain authorization code flow uses "code".
options.ResponseType = "code id_token";