Asp.net core IdentityServer4-RequestClientCredentialsTokenAsync返回未经授权的\u客户端
使用IdentityServer4,在更新.net core 3的代码后,我收到一个未经授权的_客户端错误 我的客户端在IdentityServer中设置如下:Asp.net core IdentityServer4-RequestClientCredentialsTokenAsync返回未经授权的\u客户端,asp.net-core,identityserver4,Asp.net Core,Identityserver4,使用IdentityServer4,在更新.net core 3的代码后,我收到一个未经授权的_客户端错误 我的客户端在IdentityServer中设置如下: new Client { ClientId = "testclient", ClientName = "My Test Client", RequireC
new Client
{
ClientId = "testclient",
ClientName = "My Test Client",
RequireConsent = false,
AllowedGrantTypes = GrantTypes.Implicit,
ClientSecrets = { new Secret("secret".Sha256()) },
RedirectUris = { "https://localhost:50691/signin-oidc" },
PostLogoutRedirectUris = { "https://localhost:50691/signout-callback-oidc" },
AllowedScopes = new List<string>
{
IdentityServerConstants.StandardScopes.OpenId, // identity resource
"testscope" // api resource
}
},
新客户端
{
ClientId=“testclient”,
ClientName=“我的测试客户端”,
RequireSent=false,
AllowedGrantTypes=GrantTypes.Implicit,
ClientSecrets={newsecret(“Secret.Sha256())},
重定向URI={”https://localhost:50691/signin-oidc“},
PostLogoutRedirectUris={”https://localhost:50691/signout-回调oidc“},
AllowedScopes=新列表
{
IdentityServerConstants.StandardScopes.OpenId,//标识资源
“testscope”//api资源
}
},
public async Task<TokenResponse> GetAccessTokenAsync(string IdentityServerBaseAddress, string IdentityServerClientId)
{
var client = new HttpClient();
var disco = await client.GetDiscoveryDocumentAsync(IdentityServerBaseAddress);
if (disco.IsError)
{
Console.WriteLine($"Disco error: {disco.Error}");
return null;
}
Console.WriteLine($"Token endpoint: {disco.TokenEndpoint}");
Console.WriteLine();
// TODO: Get secret from Azure Key Vault
// request token
var tokenResponse = await client.RequestClientCredentialsTokenAsync(new ClientCredentialsTokenRequest
{
Address = disco.TokenEndpoint, // "https://localhost:5000/connect/token"
ClientId = "testclient", // valid clientid
ClientSecret = "secret",
Scope = "testscope"
});
if (tokenResponse.IsError)
{
Console.WriteLine(tokenResponse.Error);
return null;
}
return tokenResponse;
}
公共异步任务GetAccessTokenAsync(字符串IdentityServerBaseAddress、字符串IdentityServerClientId)
{
var client=新的HttpClient();
var disco=await client.GetDiscoveryDocumentAsync(IdentityServerBaseAddress);
如果(迪斯科舞厅)
{
WriteLine($“Disco错误:{Disco.error}”);
返回null;
}
WriteLine($“令牌端点:{disco.TokenEndpoint}”);
Console.WriteLine();
//TODO:从Azure密钥库获取机密
//请求令牌
var tokenResponse=wait client.RequestClientCredentialsTokenAsync(新ClientCredentialsTokenRequest
{
地址=disco.tokenpoint,//”https://localhost:5000/connect/token"
ClientId=“testclient”,//有效的ClientId
ClientSecret=“secret”,
Scope=“testscope”
});
if(tokenResponse.IsError)
{
Console.WriteLine(tokenResponse.Error);
返回null;
}
返回令牌响应;
}
tokenResponse.IsError返回true(因此该方法返回null),错误设置为“unauthorized_client”。我是根据在的文档编写这段代码的。My clientid有效,IdentityServer在登录此客户端时验证用户。我很确定这个问题很简单,我只是没有看到?非常感谢您的帮助。因为您使用的是clientId和ClientSecret,所以我认为您需要将客户端配置更改为使用GrantTypes.ClientCredentials,而不是GrantTypes.Implicit 更改:
AllowedGrantTypes = GrantTypes.Implicit,
由于您使用的是clientId和ClientSecret,因此我认为您需要将客户端配置更改为使用GrantTypes.ClientCredentials,而不是GrantTypes.Implicit 更改:
AllowedGrantTypes = GrantTypes.Implicit,
你是最棒的!实际上,我不得不将其更改为GrantTypes.ImplicitAndClientCredentials,但这就成功了。谢谢你是最棒的!实际上,我不得不将其更改为GrantTypes.ImplicitAndClientCredentials,但这就成功了。谢谢