C# AuthorizeRequestValidator:错误:客户端的授权类型无效:隐式
我正在尝试在.NET Core 2.0 MVC上设置Identity Server 4C# AuthorizeRequestValidator:错误:客户端的授权类型无效:隐式,c#,oauth,oauth-2.0,asp.net-core-2.0,identityserver4,C#,Oauth,Oauth 2.0,Asp.net Core 2.0,Identityserver4,我正在尝试在.NET Core 2.0 MVC上设置Identity Server 4HybridAndClientCredentials 我正在与错误作斗争: 客户端的授权类型无效:隐式 即使我的代码中有: AllowedGrantTypes = GrantTypes.HybridAndClientCredentials, 我已经下载了示例quickstart,它工作正常,但我无法用我的代码找到缺少的行块 调试输出: IdentityServer4.Validation.AuthorizeR
HybridAndClientCredentials
我正在与错误作斗争:
客户端的授权类型无效:隐式
即使我的代码中有:
AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
我已经下载了示例quickstart,它工作正常,但我无法用我的代码找到缺少的行块
调试输出:
IdentityServer4.Validation.AuthorizeRequestValidator:
Error: Invalid grant type for client: implicit
{
"ClientId": "consultee",
"ClientName": "consultee Client test",
"RedirectUri": "http://consultee.mi.local:44352/signin-oidc",
"AllowedRedirectUris": [
"http://consultee.mi.local:44352/signin-oidc"
],
"SubjectId": "anonymous",
"ResponseType": "id_token",
"ResponseMode": "form_post",
"GrantType": "implicit",
"RequestedScopes": "",
"State": "CfDJ8KERs5ihv_5Ll9ddYi6Nj5lkLNGQptrJwHqbSD11g27zqVxPcKxLKvbMtd5ab5LPbV15yaCNlHlzpPgRQL4R2XSue8ka_fqLBWFfXad-sRNCyY03JxgL7HZDKDrph-G4hdvRRMvBtXUc0tq2tHd7ZGX7-djehs8aHD6-P_80UfFplHCYkvARV7I64Kb5ki4cFVmLE6G8EbWIUwir6HJpkgK1CbN_IuPtBTjaLZoBOEzpxWTRVaudsD4vZFxdTv4N51ufkn8jy7GPC0pf3xCGInQpA-FziHp681qmiWbCxlp9HuAIZBem-at9dNvC29yRBw4JbcoTSrjuHkq6G6gZtXVh1YuuQYIW9R4wklmlSEX4i8kxM8zJTog98Ce3OFsYnw",
"Raw": {
"client_id": "consultee",
"redirect_uri": "http://consultee.mi.local:44352/signin-oidc",
"response_type": "id_token",
"scope": "openid profile api1 offline_access",
"response_mode": "form_post",
"nonce": "636626718480261618.MDYwZjE0MjMtNzczMi00ZjQ4LTk0NWUtZjQ1ZDNjM2VjZTRhOWI0NWM0MjMtNGM3Ni00ZDA3LWIyZDctMDcwNTc3ZDU0NGYy",
"state": "CfDJ8KERs5ihv_5Ll9ddYi6Nj5lkLNGQptrJwHqbSD11g27zqVxPcKxLKvbMtd5ab5LPbV15yaCNlHlzpPgRQL4R2XSue8ka_fqLBWFfXad-sRNCyY03JxgL7HZDKDrph-G4hdvRRMvBtXUc0tq2tHd7ZGX7-djehs8aHD6-P_80UfFplHCYkvARV7I64Kb5ki4cFVmLE6G8EbWIUwir6HJpkgK1CbN_IuPtBTjaLZoBOEzpxWTRVaudsD4vZFxdTv4N51ufkn8jy7GPC0pf3xCGInQpA-FziHp681qmiWbCxlp9HuAIZBem-at9dNvC29yRBw4JbcoTSrjuHkq6G6gZtXVh1YuuQYIW9R4wklmlSEX4i8kxM8zJTog98Ce3OFsYnw",
"x-client-SKU": "ID_NET",
"x-client-ver": "2.1.4.0"
}
}
客户:
new Client
{
ClientId = "consultee",
ClientName = "consultee Client test",
AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
ClientSecrets =
{
new Secret("secret".Sha256())
},
RedirectUris = { "http://consultee.mi.local:44352/signin-oidc" },
PostLogoutRedirectUris = { "http://consultee.mi.local:44352/signout-callback-oidc" },
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
"api1"
},
AllowOfflineAccess = true,
AllowAccessTokensViaBrowser = true,
}
ConfigurationService
客户端:
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc();
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
services.AddAuthentication(options =>
{
options.DefaultScheme = "Cookies";
options.DefaultChallengeScheme = "oidc";
})
.AddCookie("Cookies")
.AddOpenIdConnect("oidc", options =>
{
options.SignInScheme = "Cookies";
options.Authority = Configuration["identityServerUri"];
options.RequireHttpsMetadata = false;
options.ClientId = "consultee";
options.ClientSecret = "secret";
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
options.Scope.Add("api1");
options.Scope.Add("offline_access");
});
}
IdServer上的ConfigurationService
:
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc();
// configure identity server with in-memory stores, keys, clients and scopes
services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryIdentityResources(Config.GetIdentityResources())
.AddInMemoryApiResources(Config.GetApiResources())
.AddInMemoryClients(Config.GetClients())
.AddTestUsers(Config.GetUsers());
services.AddAuthentication();
}
日志会告诉你这个问题是什么
错误:客户端的授权类型无效:隐式
您正在作为隐式客户端登录
.AddOpenIdConnect("oidc", options =>
{
options.SignInScheme = "Cookies";
options.Authority = Configuration["identityServerUri"];
options.RequireHttpsMetadata = false;
options.ClientId = "consultee";
options.ClientSecret = "secret";
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
options.Scope.Add("api1");
options.Scope.Add("offline_access");
});
您已在identity server中配置了混合客户端
new Client
{
ClientId = "consultee",
ClientName = "consultee Client test",
AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
ClientSecrets =
{
new Secret("secret".Sha256())
},
RedirectUris = { "http://consultee.migrology.local:44352/signin-oidc" },
PostLogoutRedirectUris = { "http://consultee.migrology.local:44352/signout-callback-oidc" },
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
"api1"
},
AllowOfflineAccess = true,
AllowAccessTokensViaBrowser = true,
}
所以服务器不允许你这么做。您需要更改代码以混合方式登录,或者将客户端更改为隐式客户端
.AddOpenIdConnect("oidc", options =>
{
options.SignInScheme = "Cookies";
options.Authority = Configuration["identityServerUri"];
options.RequireHttpsMetadata = false;
options.ClientId = "consultee";
options.ClientSecret = "secret";
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
options.Scope.Add("api1");
options.Scope.Add("offline_access");
});
改为混合动力车
为了将隐式登录更改为混合登录,您需要更改一些内容
- 将ClientSecret配置为与IdentityServer上的密码匹配李>
- 添加脱机访问
- 添加作用域(api1)
- 将ResponseType设置为
code id\u token
(其基本意思是“使用混合流”)(您缺少此项)
对不起!我不太明白,但这对我来说很有用:离线访问和选项。ResponseType=“code id\u token”;(在客户面前)你真是个斗牛士!我也在做同样的事情,我觉得你的项目使用隐式和我的混合运行很奇怪,所以我不得不用你的代码进行测试。我们在这里都学到了一些东西。