Asp.net core 无法完成oAuth2.0登录
我已经用.net core 2.1应用程序实现了Aspnet.security.openidconnect.server。现在我想测试我的授权,为此我提出了邮递员请求。如果我将授权类型更改为client_credentials,那么它可以工作,但我想测试完整的流,因此我选择授权类型以验证代码,它开始给出错误“无法完成oAuth2.0登录” 代码如下:Asp.net core 无法完成oAuth2.0登录,asp.net-core,oauth-2.0,postman,asp.net-core-2.0,openid-connect,Asp.net Core,Oauth 2.0,Postman,Asp.net Core 2.0,Openid Connect,我已经用.net core 2.1应用程序实现了Aspnet.security.openidconnect.server。现在我想测试我的授权,为此我提出了邮递员请求。如果我将授权类型更改为client_credentials,那么它可以工作,但我想测试完整的流,因此我选择授权类型以验证代码,它开始给出错误“无法完成oAuth2.0登录” 代码如下: services.AddAuthentication(OAuthValidationDefaults.AuthenticationSche
services.AddAuthentication(OAuthValidationDefaults.AuthenticationScheme).AddOAuthValidation()
.AddOpenIdConnectServer(options =>
{
options.AuthorizationEndpointPath = new PathString(AuthorizePath);
// Enable the token endpoint.
options.TokenEndpointPath = new PathString(TokenPath);
options.ApplicationCanDisplayErrors = true;
options.AccessTokenLifetime = TimeSpan.FromMinutes(5);
#if DEBUG
options.AllowInsecureHttp = true;
#endif
options.Provider.OnValidateAuthorizationRequest = context =>
{
if (string.Equals(context.ClientId, Configuration["OpenIdServer:ClientId"], StringComparison.Ordinal))
{
context.Validate(context.RedirectUri);
}
return Task.CompletedTask;
};
// Implement OnValidateTokenRequest to support flows using the token endpoint.
options.Provider.OnValidateTokenRequest = context =>
{
// Reject token requests that don't use grant_type=password or grant_type=refresh_token.
if (!context.Request.IsClientCredentialsGrantType() && !context.Request.IsPasswordGrantType()
&& !context.Request.IsRefreshTokenGrantType())
{
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedGrantType,
description: "Only grant_type=password and refresh_token " +
"requests are accepted by this server.");
return Task.CompletedTask;
}
if (string.IsNullOrEmpty(context.ClientId))
{
context.Skip();
return Task.CompletedTask;
}
if (string.Equals(context.ClientId, Configuration["OpenIdServer:ClientId"], StringComparison.Ordinal) &&
string.Equals(context.ClientSecret, Configuration["OpenIdServer:ClientSecret"], StringComparison.Ordinal))
{
context.Validate();
}
return Task.CompletedTask;
};
// Implement OnHandleTokenRequest to support token requests.
options.Provider.OnHandleTokenRequest = context =>
{
// Only handle grant_type=password token requests and let
// the OpenID Connect server handle the other grant types.
if (context.Request.IsClientCredentialsGrantType() || context.Request.IsPasswordGrantType())
{
//var identity = new ClaimsIdentity(context.Scheme.Name,
// OpenIdConnectConstants.Claims.Name,
// OpenIdConnectConstants.Claims.Role);
ClaimsIdentity identity = null;
if (context.Request.IsClientCredentialsGrantType())
{
identity = new ClaimsIdentity(new GenericIdentity(context.Request.ClientId, "Bearer"), context.Request.GetScopes().Select(x => new Claim("urn:oauth:scope", x)));
}
else if (context.Request.IsPasswordGrantType())
{
identity = new ClaimsIdentity(new GenericIdentity(context.Request.Username, "Bearer"), context.Request.GetScopes().Select(x => new Claim("urn:oauth:scope", x)));
}
// Add the mandatory subject/user identifier claim.
identity.AddClaim(OpenIdConnectConstants.Claims.Subject, Guid.NewGuid().ToString("n") + Guid.NewGuid().ToString("n"));
// By default, claims are not serialized in the access/identity tokens.
// Use the overload taking a "destinations" parameter to make sure
// your claims are correctly inserted in the appropriate tokens.
identity.AddClaim("urn:customclaim", "value",
OpenIdConnectConstants.Destinations.AccessToken,
OpenIdConnectConstants.Destinations.IdentityToken);
var ticket = new Microsoft.AspNetCore.Authentication.AuthenticationTicket(
new ClaimsPrincipal(identity),
new Microsoft.AspNetCore.Authentication.AuthenticationProperties(),
context.Scheme.Name);
// Call SetScopes with the list of scopes you want to grant
// (specify offline_access to issue a refresh token).
ticket.SetScopes(
OpenIdConnectConstants.Scopes.Profile,
OpenIdConnectConstants.Scopes.OfflineAccess);
context.Validate(ticket);
}
return Task.CompletedTask;
};
这是邮递员收藏:
现在我不确定问题是在我的代码中还是在邮递员集合中?我认为回调url造成了一些问题,但我不确定。有什么帮助吗
更新:
通过访问此页面,我发现了问题。我的代码中没有处理授权代码流,但我甚至不想。是否有任何方法可以使用资源所有者密码测试我的代码?我在请求表单中看不到此授予类型。简单地说,我希望邮递员打开控制器/登录/索引中的登录屏幕,然后选择我的ssl证书cate并为我生成一个令牌?您好,我认为您必须在服务器配置中添加重定向url,我不认为您的STS服务器会将令牌返回到不受信任的url。这就是为什么它可以从您的应用程序而不是从邮递员那里工作的原因。谢谢您的回答。但是如果您看到“更新”“在我的问题中,我没有处理ASOS服务器中的授权代码流。现在我想用我在问题的“更新”部分提到的方法测试我的代码