IdentityServer4 with the PKCE authorization code flow: "Showing login: User is not authenticated"


We have a Vue.js SPA running on Node on its own domain.

We have an ASP.NET Core IdentityServer 4 application on another domain.

We are trying to use the authorization code flow with PKCE.

We have looked at several articles, but most of them use a different setup: the implicit flow, or an MVC client on the same domain.

Here is the client configuration:

    import Oidc from 'oidc-client';

    var mgr = new Oidc.UserManager({
        authority: "https://localhost:44363",
        client_id: 'Code Autho',
        redirect_uri: 'http://localhost:8080',
        response_type: 'code',
        scope: 'openid profile email api1',
    });

    export default mgr;
Here is the client as defined in the IdentityServer configuration:

    new Client
    {
        ClientId = "Code Autho",
        ClientName = "Code With PKCE",
        RedirectUris = {
            Uri.EscapeUriString("http://localhost:8080")
        },
        PostLogoutRedirectUris = { "http://localhost:8080" },
        RequireClientSecret = false,
        AllowedGrantTypes = GrantTypes.Code,
        RequirePkce = true,
        AllowedScopes = {
            IdentityServerConstants.StandardScopes.OpenId,
            IdentityServerConstants.StandardScopes.Profile,
            IdentityServerConstants.StandardScopes.Email,
            "api1"
        },
        AllowOfflineAccess = true,
        RefreshTokenUsage = TokenUsage.ReUse
    }
Logs:

2019-06-21 11:41:54.396 +02:00 [INF] Starting IdentityServer4 version 2.4.0.0
2019-06-21 11:41:54.407 +02:00 [INF] You are using the in-memory version of the persisted grant store. This will store consent decisions, authorization codes, refresh and reference tokens in memory only. If you are using any of those features in production, you want to switch to a different store implementation.
2019-06-21 11:41:54.412 +02:00 [INF] Using the default authentication scheme Identity.Application for IdentityServer
2019-06-21 11:41:54.412 +02:00 [DBG] Using Identity.Application as default ASP.NET Core scheme for authentication
2019-06-21 11:41:54.412 +02:00 [DBG] Using Identity.External as default ASP.NET Core scheme for sign-in
2019-06-21 11:41:54.412 +02:00 [DBG] Using Identity.External as default ASP.NET Core scheme for sign-out
2019-06-21 11:41:54.412 +02:00 [DBG] Using Identity.Application as default ASP.NET Core scheme for challenge
2019-06-21 11:41:54.413 +02:00 [DBG] Using Identity.Application as default ASP.NET Core scheme for forbid
2019-06-21 11:41:54.757 +02:00 [DBG] CORS request made for path: /.well-known/openid-configuration from origin: http://localhost:8080
2019-06-21 11:41:54.760 +02:00 [DBG] Client list checked and origin: http://localhost:8080 is allowed
2019-06-21 11:41:54.760 +02:00 [DBG] CorsPolicyService allowed origin: http://localhost:8080
2019-06-21 11:41:54.776 +02:00 [DBG] Login Url: /Account/Login
2019-06-21 11:41:54.776 +02:00 [DBG] Login Return Url Parameter: ReturnUrl
2019-06-21 11:41:54.777 +02:00 [DBG] Logout Url: /Account/Logout
2019-06-21 11:41:54.777 +02:00 [DBG] ConsentUrl Url: /consent
2019-06-21 11:41:54.777 +02:00 [DBG] Consent Return Url Parameter: returnUrl
2019-06-21 11:41:54.777 +02:00 [DBG] Error Url: /home/error
2019-06-21 11:41:54.777 +02:00 [DBG] Error Id Parameter: errorId
2019-06-21 11:41:54.799 +02:00 [DBG] Request path /.well-known/openid-configuration matched to endpoint type Discovery
2019-06-21 11:41:54.805 +02:00 [DBG] Endpoint enabled: Discovery, successfully created handler: IdentityServer4.Endpoints.DiscoveryEndpoint
2019-06-21 11:41:54.805 +02:00 [INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.DiscoveryEndpoint for /.well-known/openid-configuration
2019-06-21 11:41:54.807 +02:00 [DBG] Start discovery request
2019-06-21 11:41:54.975 +02:00 [DBG] Request path /connect/authorize matched to endpoint type Authorize
2019-06-21 11:41:54.988 +02:00 [DBG] Endpoint enabled: Authorize, successfully created handler: IdentityServer4.Endpoints.AuthorizeEndpoint
2019-06-21 11:41:54.989 +02:00 [INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeEndpoint for /connect/authorize
2019-06-21 11:41:54.997 +02:00 [DBG] Start authorize request
2019-06-21 11:41:55.010 +02:00 [DBG] No user present in authorize request
2019-06-21 11:41:55.013 +02:00 [DBG] Start authorize request protocol validation
2019-06-21 11:41:55.033 +02:00 [DBG] client configuration validation for client Code Autho succeeded.
2019-06-21 11:41:55.044 +02:00 [DBG] Checking for PKCE parameters
2019-06-21 11:41:55.078 +02:00 [DBG] Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator
2019-06-21 11:41:55.094 +02:00 [INF] ValidatedAuthorizeRequest
{"ClientId":"Code Autho","ClientName":"code autho Klanik Code With PKCE","RedirectUri":"http://localhost:8080","AllowedRedirectUris":["http://localhost:8080"],"SubjectId":"anonymous","ResponseType":"code","ResponseMode":"query","GrantType":"authorization_code","RequestedScopes":"openid profile email api1","State":"a53f2786c13d460fa5271652c9871234","UiLocales":null,"Nonce":null,"AuthenticationContextReferenceClasses":null,"DisplayMode":null,"PromptMode":null,"MaxAge":null,"LoginHint":null,"SessionId":null,"Raw":{"client_id":"Code Autho","redirect_uri":"http://localhost:8080","response_type":"code","scope":"openid profile email api1","state":"a53f2786c13d460fa5271652c9871234","code_challenge":"ih1wDabwyipUIsHxQcdi6tCyhOy9pzYyLyWn3A6R_Kw","code_challenge_method":"S256"},"$type":"AuthorizeRequestValidationLog"}
2019-06-21 11:41:55.103 +02:00 [INF] Showing login: User is not authenticated

Expected: we get redirected and the user is authenticated. (We have a login component on localhost:8080 that asks for username/password.)

You are missing the point: the code flow with PKCE is one of the so-called interactive flows, in which the user agent is redirected to the identity provider's login screen to enter credentials. So you still have to show the login screen on the IdentityServer host.

So should my login page and redirect URI be on IdentityServer? That is not clear. Do you have a link that explains this? Only the first redirect_url is where the identity provider redirects after login. I will accept your answer.