
Configuring an IdentityServer4 authentication service on .NET Core 3.1, but I can never get a token. Can an expert point me in the right direction?

2020-11-18 15:02 | Posted by: admin | Views: 7 | Comments: 0 | Original author: 我想啸天 | Source: 博客园

我想啸天

Request tool: Postman
POST URL: http://localhost:5000/connect/token
Parameters: grant_type: client_credentials
client_id: 1001
client_secret: jZae727K08KaOmKSgOaGzww/XVqGr/PKEgIMkjrcbJI=
Result: {
"error": "invalid_client"
}

Additional details:

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllersWithViews();
        services.AddIdentityServer()
            // Set a temporary (developer) signing credential
            .AddDeveloperSigningCredential()
            .AddInMemoryIdentityResources(Config.GetIdentityResourceResources())
            // Load the API resources defined in the Config class
            .AddInMemoryApiResources(Config.GetApiResources())
            // Load the Client collection defined in the Config class
            .AddInMemoryClients(Config.GetClients());
    }

    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
            // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
            app.UseHsts();
        }
        app.UseHttpsRedirection();
        app.UseStaticFiles();
        app.UseRouting();
        //app.UseAuthorization();
        app.UseIdentityServer();
        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllerRoute(
                name: "default",
                pattern: "{controller=Home}/{action=Index}/{id?}");
        });
    }

Result returned by the request:
IdentityServer4.Validation.TokenRequestValidator[0]
Client cannot request OpenID scopes in client credentials flow{ clientId = client1 }, details: {
"ClientId": "client1",
"GrantType": "client_credentials",
"Scopes": "api1",
"AuthorizationCode": "",
"RefreshToken": "
",
"Raw": {
"grant_type": "client_credentials",
"client_id": "client1",
"client_secret": "REDACTED",
"scope": "api1"
}
}


    public static IEnumerable<Client> GetClients()
    {
        return new List<Client>()
        {
            new Client()
            {
                ClientId = "client1",
                // Grant type: client credentials; see GrantTypes for the other options
                AllowedGrantTypes = GrantTypes.ClientCredentials,
                // Client secret used to authenticate the client
                ClientSecrets =
                {
                    new Secret("123456".Sha256())
                },
                // Allowed scopes
                AllowedScopes =
                {
                    "api1"
                }
            },
            // resource owner password grant client
            new Client
            {
                ClientId = "client2",
                AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                ClientSecrets =
                {
                    new Secret("123456".Sha256())
                },
                AllowedScopes =
                {
                    "api2",
                    // Must be added, otherwise a forbidden error is returned
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile
                }
            }
        };
    }

我想啸天

Configuring the Client is not the key point; the key point is that Scopes need to be configured in ConfigService. For details, see the IdentityServer4 4.1.1 pitfalls guide.
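
One way to do what the answer describes, as an added example that is not the original poster's code. It assumes IdentityServer4 4.x, where a scope has to be registered as an `ApiScope` through `AddInMemoryApiScopes` before a client can request it; the resource name `resource1`, the display names and the `GetApiScopes`/`GetIdentityResources` method names are placeholders. The `Configure` pipeline from the question is unchanged.

```csharp
using System.Collections.Generic;
using IdentityServer4.Models;
using Microsoft.Extensions.DependencyInjection;

// Added example (not the poster's code); assumes IdentityServer4 4.x.
public static class Config
{
    public static IEnumerable<IdentityResource> GetIdentityResources() =>
        new List<IdentityResource> { new IdentityResources.OpenId() };

    // In 4.x a scope must be registered as an ApiScope before a client can request it.
    public static IEnumerable<ApiScope> GetApiScopes() =>
        new List<ApiScope> { new ApiScope("api1", "Sample API scope") };

    // The resource name ("resource1", a placeholder) becomes the token audience.
    public static IEnumerable<ApiResource> GetApiResources() =>
        new List<ApiResource>
        {
            new ApiResource("resource1", "Sample API") { Scopes = { "api1" } }
        };

    public static IEnumerable<Client> GetClients() =>
        new List<Client>
        {
            new Client
            {
                ClientId = "client1",
                AllowedGrantTypes = GrantTypes.ClientCredentials,
                // Sample secret from the question. Only its hash is stored; the token
                // request sends the plaintext, which IdentityServer hashes and compares.
                ClientSecrets = { new Secret("123456".Sha256()) },
                AllowedScopes = { "api1" }
            }
        };
}

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddIdentityServer()
            .AddDeveloperSigningCredential() // development only
            .AddInMemoryIdentityResources(Config.GetIdentityResources())
            .AddInMemoryApiScopes(Config.GetApiScopes()) // scope registration
            .AddInMemoryApiResources(Config.GetApiResources())
            .AddInMemoryClients(Config.GetClients());
    }
}
```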
