Oauth 如何使用dotnetify手动授权IdentityServer4隐式granttype?
我正在尝试用vue.js客户端实现.net核心WebAPi+Signal聊天服务器 虽然我可以使用signar和IdentityServer4找到许多参考,但我发现了这个名为dotnetify的有用库。 doetnetify作者描述了如何使用ASOS实现securepage。但我一直坚持使用JWTSecurityTokenHandler进行验证 我尝试用IdentityServer4替换使用ASOS实现的身份验证服务器部分,并复制了作者提供的所有自定义实现。但当承载令牌传递到我的聊天api时,使用我手动更改的tokenValidationParameters验证令牌时会发生异常 我的项目设置如下。 使用以下API和客户端配置识别服务器4 API配置:Oauth 如何使用dotnetify手动授权IdentityServer4隐式granttype?,oauth,signalr,identityserver4,openid-connect,dotnetify,Oauth,Signalr,Identityserver4,Openid Connect,Dotnetify,我正在尝试用vue.js客户端实现.net核心WebAPi+Signal聊天服务器 虽然我可以使用signar和IdentityServer4找到许多参考,但我发现了这个名为dotnetify的有用库。 doetnetify作者描述了如何使用ASOS实现securepage。但我一直坚持使用JWTSecurityTokenHandler进行验证 我尝试用IdentityServer4替换使用ASOS实现的身份验证服务器部分,并复制了作者提供的所有自定义实现。但当承载令牌传递到我的聊天api时,使
return new List<ApiResource>
{
new ApiResource("api1", "API1" ),
new ApiResource("chatapi", "Chat API")
};
return new List<Client>
{
new Client
{
ClientId = "client",
ClientName = "JavaScript Client",
AllowedGrantTypes = GrantTypes.Implicit,
AllowAccessTokensViaBrowser = true,
RequireConsent = false,
RedirectUris = { "http://localhost:8080/callback" },
PostLogoutRedirectUris = { "http://localhost:8080/login" },
AllowedCorsOrigins = { "http://localhost:8080" },
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email,
"api1",
"chatapi"
}
},
}
services.AddAuthentication("Bearer")
.AddIdentityServerAuthentication(options =>
{
options.Authority = "https:/localhost:5000";
options.RequireHttpsMetadata = false;
options.ApiName = "chatapi";
});
services.AddCors(options =>
{
// this defines a CORS policy called "default"
options.AddPolicy("default", policy =>
{
policy.WithOrigins("http://localhost:8080",
Configuration["ClientAddress"])
.AllowAnyHeader()
.AllowAnyMethod();
});
});
app.UseWebSockets();
app.UseSignalR(routes => routes.MapDotNetifyHub());
app.UseDotNetify(config =>
{
var tokenValidationParameters = new TokenValidationParameters {
ValidateIssuer = true,
ValidIssuer = "https://localhost:5000",
ValidAudience = "chatapi",
};
config.UseFilter<AuthorizeFilter>();
config.UseJwtBearerAuthentication(tokenValidationParameters);
config.UseMiddleware<ExtractAccessTokenMiddleware>(tokenValidationParameters);
// Demonstration filter that passes access token from the middleware to the ViewModels.SecurePageVM class instance.
config.UseFilter<SetAccessTokenFilter>();
});
Microsoft.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException: IDX10501: Signature validation failed. Unable to match keys:
kid: '[PII is hidden]',
token: '[PII is hidden]'.
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
at Foresting.Chat.ExamplePipelines.ExtractAccessTokenMiddleware.ValidateToken(HeaderData headers, SecurityToken& validatedToken) in C:\GitHub\ChatApi\ChatApi\ExamplePipelines\ExtractAccessTokenMiddleware.cs:line 46
at ChatApi.ExamplePipelines.ExtractAccessTokenMiddleware.Invoke(DotNetifyHubContext hubContext, NextDelegate next) in C:\GitHub\ChatApi\ChatApi\ExamplePipelines\ExtractAccessTokenMiddleware.cs:line 27
提前感谢。要查看实际错误是什么:请注意,您应该将此行添加到IdentityServer启动中。