asp.net-core - 如何获取适用于 OpenIddict ClientCredential 授权类型的基本身份验证中的客户端密码?
问题描述
我已经使用 OpenIddict 为 ClientCredentials 配置了一个授权服务器,如下所示。
services.AddOpenIddict()
// Register the OpenIddict core components.
.AddCore(options =>
{
// Configure OpenIddict to use the Entity Framework Core stores and models.
// Note: call ReplaceDefaultEntities() to replace the default entities.
options.UseEntityFrameworkCore()
.UseDbContext<ApplicationDbContext>();
})
// Register the OpenIddict server components.
.AddServer(options =>
{
// Enable the token endpoint.
options.SetTokenEndpointUris("/connect/token");
// Enable the client credentials flow.
options.AllowClientCredentialsFlow();
// Register the signing and encryption credentials.
options.AddDevelopmentEncryptionCertificate()
.AddDevelopmentSigningCertificate();
// Register the ASP.NET Core host and configure the ASP.NET Core options.
options.UseAspNetCore()
.EnableTokenEndpointPassthrough();
options.DisableAccessTokenEncryption();
})
// Register the OpenIddict validation components.
.AddValidation(options =>
{
// Import the configuration from the local OpenIddict server instance.
options.UseLocalServer();
// Register the ASP.NET Core host.
options.UseAspNetCore();
});
当 client_id 和 client_secret 在请求正文中时,我可以获得 access_token。 访问令牌返回
[12:20:27 INF] HTTP POST /connect/token responded 400 in 377.3274 ms
[12:21:22 INF] The request address matched a server endpoint: Token.
[12:21:22 INF] The token request was successfully extracted: {
"grant_type": "client_credentials",
"client_id": "PVHP",
"client_secret": "[redacted]"
}.
但是当 client_id 和 client_secret 在基本授权标头中作为 Base64 编码的 client_id:client_secret 发送时,它不起作用。grant_type=client_credentials 在正文中指定。 使用基本身份验证时出错
[12:21:23 WRN] Client authentication failed for PVHP.
[12:21:23 ERR] The token request was rejected because the confidential application 'PVHP' didn't specify valid client credentials.
[12:21:23 INF] The response was successfully returned as a JSON document: {
"error": "invalid_client",
"error_description": "The specified client credentials are invalid.",
"error_uri": "https://documentation.openiddict.com/errors/ID2055"
}.
openid 配置文档似乎表明 client_secret_basic 支持
[11:18:01 INF] The response was successfully returned as a JSON document: {
"issuer": "https://localhost:44371/",
"token_endpoint": "https://localhost:44371/connect/token",
"jwks_uri": "https://localhost:44371/.well-known/jwks",
"grant_types_supported": [
"client_credentials"
],
"scopes_supported": [
"openid"
],
"claims_supported": [
"aud",
"exp",
"iat",
"iss",
"sub"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"subject_types_supported": [
"public"
],
"token_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post"
],
"claims_parameter_supported": false,
"request_parameter_supported": false,
"request_uri_parameter_supported": false
}.
设置服务器时我是否错过了任何配置?问候。
解决方案
推荐阅读
- c# - 内容占位符页面未显示在母版页内
- javascript - 无法将值发送到前端
- python - 如何使错误“变量”未定义工作?
- javascript - 使用主题的 Rxjs 在反应文本输入组件上去抖动不会在无状态/功能组件上批量输入文本
- java - 如何更正在 do-while 循环中创建的变量的范围?
- laravel - 在 laravel 中缩短指令
- java - Java 应用程序一次最多可以打开多少个文件?
- kubernetes - 升级 Kubernetes 集群前要做的事情
- javascript - 下载带有数值的制表符?
- java - 我正在尝试从 onOptionsItemSelected 方法打开一个片段