.net core identity server 4 api客户端不断重复401未经授权
我有3个不同的项目.net core identity server 4 api客户端不断重复401未经授权,.net-core,oauth-2.0,identityserver4,.net Core,Oauth 2.0,Identityserver4,我有3个不同的项目 身份服务器 Api服务器(负责为客户端提供Api) 客户端服务器(负责表示) 为了制作一个安全的webapp,我决定使用identity server。我的身份配置如下 public static class Config { public static IEnumerable<IdentityResource> IdentityResources => new IdentityResource[] {
public static class Config
{
public static IEnumerable<IdentityResource> IdentityResources =>
new IdentityResource[]
{
new IdentityResources.OpenId(),
new IdentityResources.Profile()
};
public static IEnumerable<ApiResource> ApiResources =>
new ApiResource[]
{
new ApiResource(name: "web-api-rms", displayName: "Web API RMS")
};
public static IEnumerable<ApiScope> ApiScopes =>
new ApiScope[]
{
new ApiScope("web-rms"),
new ApiScope("web-api-rms"),
};
public static IEnumerable<Client> Clients =>
new Client[]
{
new Client
{
ClientId = "web-rms",
ClientSecrets = { new Secret("49C1A7E1-0C79-4A89-A3D6-A37998FB86B0".Sha256()) },
AllowedGrantTypes = GrantTypes.Code,
RedirectUris = { "http://localhost:1901/signin-oidc" },
FrontChannelLogoutUri = "http://localhost:1901/signout-oidc",
PostLogoutRedirectUris = { "http://localhost:1901/signout-callback-oidc" },
AllowOfflineAccess = true,
AllowedScopes = { "openid", "profile", "web-rms", "web-api-rms" }
}
};
}
}
services.AddAuthentication("Bearer")
.AddJwtBearer("Bearer", options =>
{
options.Authority = "https://localhost:5001/";
options.RequireHttpsMetadata = true;
options.Audience = "web-api-rms";
});
现在的问题是,每当我尝试使用承载令牌访问API时,它总是返回一个未经授权的消息
我如何解决它???API中的日志说明了什么?我找到了答案。我只是忘了在ApiResources上添加作用域