.net core 输入用户名和密码实现授权码流
我是Identity Server 4的新手。 我正在部署一个包含三个项目的解决方案:控制台应用程序、web api和Identity Server 4。 我想在我的控制台应用程序中获得一个输入用户名和密码的访问令牌。 我问,如果不使用资源所有者密码流,而只使用混合流,是否可以做到这一点?如何在控制台应用程序中执行此操作 更新问题 我正在部署一个控制台应用程序来模拟作为最终目标的本机应用程序。在阅读了几个文档之后,我决定使用授权代码流,这正是我的案例所需要的 问题是用户(在本例中是我的控制台应用程序)必须输入用户名和密码才能进行身份验证。但我使用授权码认证客户机,而不是用户。对吧? 我这样说是因为我无法将用户名和密码发送到授权端点以获取授权代码 在使用授权代码流对客户端进行身份验证,然后使用资源所有者密码流对用户进行身份验证之前,我是否必须执行以下操作?.net core 输入用户名和密码实现授权码流,.net-core,identityserver4,.net Core,Identityserver4,我是Identity Server 4的新手。 我正在部署一个包含三个项目的解决方案:控制台应用程序、web api和Identity Server 4。 我想在我的控制台应用程序中获得一个输入用户名和密码的访问令牌。 我问,如果不使用资源所有者密码流,而只使用混合流,是否可以做到这一点?如何在控制台应用程序中执行此操作 更新问题 我正在部署一个控制台应用程序来模拟作为最终目标的本机应用程序。在阅读了几个文档之后,我决定使用授权代码流,这正是我的案例所需要的 问题是用户(在本例中是我的控制台应用
步骤是什么?让我定义IdentityServer4支持的一些赠款类型和其他术语,以帮助回答这些问题 这是从斯科特·布雷迪和斯科特·布雷迪的 访问令牌() 访问令牌表示授予客户端访问某些受保护资源的权限 资源所有者密码流 客户端直接接收用户名和密码(通常来自用户),并将其传递给授权服务器(IdentityServer4)并接收访问令牌 客户端将没有响应类型,授权服务器上的客户端将定义为:
new Client
{
ClientId = "ResourceOwnerCodeFlowClient",
ClientName = "Resource Owner Code Flow Client",
AllowedGrantTypes = GrantTypes.ResourceOwnerPassword
//....Other properties to complete the client
}
混合流
这是一个与使用隐式代码流和授权代码流相同的流。
这些将在客户端上定义为响应类型“代码id\u令牌”
,在授权服务器上定义为:
new Client
{
ClientId = "HybridCodeFlowClient",
ClientName = "Hybrid Code Flow Client",
AllowedGrantTypes = GrantTypes.Hybrid
//....Other properties to complete the client
}
new Client
{
ClientId = "AuthCodeFlowClient",
ClientName = "Authorizate Code Flow Client",
AllowedGrantTypes = GrantTypes.Code
//....Other properties to complete the client
}
new Client
{
ClientId = "ImplicitCodeFlowClient",
ClientName = "Implicit Code Flow Client",
AllowedGrantTypes = GrantTypes.Implicit
//....Other properties to complete the client
}
new Client
{
ClientId = "ClientCredentialsCodeFlowClient",
ClientName = "Client Credentials Code Flow Client",
ClientSecrets =
{
new Secret("secret".Sha256())
},
AllowedGrantTypes = GrantTypes.ClientCredentials
//....Other properties to complete the client
}
授权代码流
这用于获取授权码,该授权码通常被交换为身份令牌或访问令牌。这也可用于验证客户端应用程序。这些将在客户端上定义为响应类型'code'
,在授权服务器上定义为:
new Client
{
ClientId = "HybridCodeFlowClient",
ClientName = "Hybrid Code Flow Client",
AllowedGrantTypes = GrantTypes.Hybrid
//....Other properties to complete the client
}
new Client
{
ClientId = "AuthCodeFlowClient",
ClientName = "Authorizate Code Flow Client",
AllowedGrantTypes = GrantTypes.Code
//....Other properties to complete the client
}
new Client
{
ClientId = "ImplicitCodeFlowClient",
ClientName = "Implicit Code Flow Client",
AllowedGrantTypes = GrantTypes.Implicit
//....Other properties to complete the client
}
new Client
{
ClientId = "ClientCredentialsCodeFlowClient",
ClientName = "Client Credentials Code Flow Client",
ClientSecrets =
{
new Secret("secret".Sha256())
},
AllowedGrantTypes = GrantTypes.ClientCredentials
//....Other properties to complete the client
}
隐式流
授权服务器在用户登录到服务器后直接返回访问令牌。这些将在客户端上定义为响应类型“令牌”
,在授权服务器上定义为:
new Client
{
ClientId = "HybridCodeFlowClient",
ClientName = "Hybrid Code Flow Client",
AllowedGrantTypes = GrantTypes.Hybrid
//....Other properties to complete the client
}
new Client
{
ClientId = "AuthCodeFlowClient",
ClientName = "Authorizate Code Flow Client",
AllowedGrantTypes = GrantTypes.Code
//....Other properties to complete the client
}
new Client
{
ClientId = "ImplicitCodeFlowClient",
ClientName = "Implicit Code Flow Client",
AllowedGrantTypes = GrantTypes.Implicit
//....Other properties to complete the client
}
new Client
{
ClientId = "ClientCredentialsCodeFlowClient",
ClientName = "Client Credentials Code Flow Client",
ClientSecrets =
{
new Secret("secret".Sha256())
},
AllowedGrantTypes = GrantTypes.ClientCredentials
//....Other properties to complete the client
}
客户端凭据流
当不需要特定用户时,通常用于机器对机器的身份验证。授权服务器使用访问令牌进行响应。这些将在客户端上定义为响应类型“令牌”
,在授权服务器上定义为:
new Client
{
ClientId = "HybridCodeFlowClient",
ClientName = "Hybrid Code Flow Client",
AllowedGrantTypes = GrantTypes.Hybrid
//....Other properties to complete the client
}
new Client
{
ClientId = "AuthCodeFlowClient",
ClientName = "Authorizate Code Flow Client",
AllowedGrantTypes = GrantTypes.Code
//....Other properties to complete the client
}
new Client
{
ClientId = "ImplicitCodeFlowClient",
ClientName = "Implicit Code Flow Client",
AllowedGrantTypes = GrantTypes.Implicit
//....Other properties to complete the client
}
new Client
{
ClientId = "ClientCredentialsCodeFlowClient",
ClientName = "Client Credentials Code Flow Client",
ClientSecrets =
{
new Secret("secret".Sha256())
},
AllowedGrantTypes = GrantTypes.ClientCredentials
//....Other properties to complete the client
}
回答:
非交互式用户
如果您使用控制台应用程序作为解决方案的最终设计选择,并且没有直接的用户输入,那么它将更像服务一样运行,您应该使用客户端凭据授予类型
交互用户
如果您的用户将以交互方式使用console应用程序,那么请继续使用资源所有者密码流,因为混合流包括授权代码流,将强制在授权服务器上进行登录。让我定义IdentityServer 4支持的一些授权类型和其他术语,以帮助回答问题 这是从斯科特·布雷迪和斯科特·布雷迪的 访问令牌() 访问令牌表示授予客户端访问某些受保护资源的权限 资源所有者密码流 客户端直接接收用户名和密码(通常来自用户),并将其传递给授权服务器(IdentityServer4)并接收访问令牌 客户端将没有响应类型,授权服务器上的客户端将定义为:
new Client
{
ClientId = "ResourceOwnerCodeFlowClient",
ClientName = "Resource Owner Code Flow Client",
AllowedGrantTypes = GrantTypes.ResourceOwnerPassword
//....Other properties to complete the client
}
混合流
这是一个与使用隐式代码流和授权代码流相同的流。
这些将在客户端上定义为响应类型“代码id\u令牌”
,在授权服务器上定义为:
new Client
{
ClientId = "HybridCodeFlowClient",
ClientName = "Hybrid Code Flow Client",
AllowedGrantTypes = GrantTypes.Hybrid
//....Other properties to complete the client
}
new Client
{
ClientId = "AuthCodeFlowClient",
ClientName = "Authorizate Code Flow Client",
AllowedGrantTypes = GrantTypes.Code
//....Other properties to complete the client
}
new Client
{
ClientId = "ImplicitCodeFlowClient",
ClientName = "Implicit Code Flow Client",
AllowedGrantTypes = GrantTypes.Implicit
//....Other properties to complete the client
}
new Client
{
ClientId = "ClientCredentialsCodeFlowClient",
ClientName = "Client Credentials Code Flow Client",
ClientSecrets =
{
new Secret("secret".Sha256())
},
AllowedGrantTypes = GrantTypes.ClientCredentials
//....Other properties to complete the client
}
授权代码流
这用于获取授权码,该授权码通常被交换为身份令牌或访问令牌。这也可用于验证客户端应用程序。这些将在客户端上定义为响应类型'code'
,在授权服务器上定义为:
new Client
{
ClientId = "HybridCodeFlowClient",
ClientName = "Hybrid Code Flow Client",
AllowedGrantTypes = GrantTypes.Hybrid
//....Other properties to complete the client
}
new Client
{
ClientId = "AuthCodeFlowClient",
ClientName = "Authorizate Code Flow Client",
AllowedGrantTypes = GrantTypes.Code
//....Other properties to complete the client
}
new Client
{
ClientId = "ImplicitCodeFlowClient",
ClientName = "Implicit Code Flow Client",
AllowedGrantTypes = GrantTypes.Implicit
//....Other properties to complete the client
}
new Client
{
ClientId = "ClientCredentialsCodeFlowClient",
ClientName = "Client Credentials Code Flow Client",
ClientSecrets =
{
new Secret("secret".Sha256())
},
AllowedGrantTypes = GrantTypes.ClientCredentials
//....Other properties to complete the client
}
隐式流
授权服务器在用户登录到服务器后直接返回访问令牌。这些将在客户端上定义为响应类型“令牌”
,在授权服务器上定义为:
new Client
{
ClientId = "HybridCodeFlowClient",
ClientName = "Hybrid Code Flow Client",
AllowedGrantTypes = GrantTypes.Hybrid
//....Other properties to complete the client
}
new Client
{
ClientId = "AuthCodeFlowClient",
ClientName = "Authorizate Code Flow Client",
AllowedGrantTypes = GrantTypes.Code
//....Other properties to complete the client
}
new Client
{
ClientId = "ImplicitCodeFlowClient",
ClientName = "Implicit Code Flow Client",
AllowedGrantTypes = GrantTypes.Implicit
//....Other properties to complete the client
}
new Client
{
ClientId = "ClientCredentialsCodeFlowClient",
ClientName = "Client Credentials Code Flow Client",
ClientSecrets =
{
new Secret("secret".Sha256())
},
AllowedGrantTypes = GrantTypes.ClientCredentials
//....Other properties to complete the client
}
客户端凭据流
当不需要特定用户时,通常用于机器对机器的身份验证。授权服务器使用访问令牌进行响应。这些将在客户端上定义为响应类型“令牌”
,在授权服务器上定义为:
new Client
{
ClientId = "HybridCodeFlowClient",
ClientName = "Hybrid Code Flow Client",
AllowedGrantTypes = GrantTypes.Hybrid
//....Other properties to complete the client
}
new Client
{
ClientId = "AuthCodeFlowClient",
ClientName = "Authorizate Code Flow Client",
AllowedGrantTypes = GrantTypes.Code
//....Other properties to complete the client
}
new Client
{
ClientId = "ImplicitCodeFlowClient",
ClientName = "Implicit Code Flow Client",
AllowedGrantTypes = GrantTypes.Implicit
//....Other properties to complete the client
}
new Client
{
ClientId = "ClientCredentialsCodeFlowClient",
ClientName = "Client Credentials Code Flow Client",
ClientSecrets =
{
new Secret("secret".Sha256())
},
AllowedGrantTypes = GrantTypes.ClientCredentials
//....Other properties to complete the client
}
回答:
非交互式用户
如果您使用控制台应用程序作为解决方案的最终设计选择,并且没有直接的用户输入,那么它将更像服务一样运行,您应该使用客户端凭据授予类型
交互用户
如果您的用户将以交互方式使用console应用程序,那么请继续使用资源所有者密码流,因为混合流包括授权代码流,将强制在授权服务器上进行登录。建议在使用隐式流或混合流及其cer时使用系统浏览器进行身份验证