带有 ServiceStack 和 MVC 客户端的 IdentityServer3

Question

我是 IdentityServer3 的新手，刚刚开始设置它。它似乎进展顺利，我一直在为 MVC 应用程序开发混合流程，类似于 Kevin Dockx 的 Pluralsight 课程 (http://www.pluralsight.com/courses/building-securing-restful-api-aspdotnet) 中所示的流程 当我尝试使用 MVC 配置 IdentityServer 时，弹出错误-Microsoft.IdentityModel.Protocols.OpenIdConnectProtocolException: invalid_request

ID 服务器：

new Client
{
   Enabled = true,
   ClientName = "MVC Client (Hybrid Flow)",
   ClientId = "mvc",
   Flow = Flows.Hybrid,
   RequireConsent = true,
   RedirectUris = new List<string>
   {"https://localhost:44358/"},                    
}

 var scopes = new List<Scope>{                    
    StandardScopes.OpenId,
    StandardScopes.Profile
 };

以下是来自 MVC 客户端应用程序的代码

public void Configuration(IAppBuilder app)
    {            
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = "Cookies",
            //CookieName = "ourcookiename"
        });

        var options = new OpenIdConnectAuthenticationOptions
        {
            ClientId = "mvc",
            Authority = "https://localhost:44367/identity/",
            RedirectUri = "https://localhost:44358/",
            // PostLogoutRedirectUri = "https://localhost:44300/",
            SignInAsAuthenticationType = "Cookies",
            ResponseType = "code id_token token",
            Scope = "openId profile"
        };
        app.UseOpenIdConnectAuthentication(options);         
    }

并且还必须配置 IdentityServer3 和 ServiceStack' for this I used linkhttps://github.com/MacLeanElectrical/servicestack-authentication-identityserver` 来验证服务，但在 Global.aspx 中为 new AppHost().Init();它显示错误-

'System.NullReferenceException' occurred in ServiceStack.dll but was not handled in user code

Answer 1

这就是我的做法

return new[]
        {
            new Client
            {
                Enabled = true,
                ClientId = "Client",
                ClientName = "SomeClient",
                Flow = Flows.Hybrid,
                RequireConsent = true,
                AllowedScopes = new List<string>
                {
                    "openid",
                    "profile",
                    "roles",
                    "api",
                    "offline_access"
                },
                RedirectUris = new List<string>
                {
                    Constants.Client
                },

                AccessTokenLifetime = 3600,

                ClientSecrets = new List<Secret>()
                {
                    new Secret("secret".Sha256())
                }
            }
        };


var scopes = new List<Scope>
        {

            //Identity Scopes
            StandardScopes.OpenId,
            StandardScopes.Profile,

            new Scope
            {
                Enabled = true,
                Name = "roles",
                DisplayName = "Roles",
                Description = "The roles you belong to.",
                Type = ScopeType.Identity,
                Claims = new List<ScopeClaim>
                {
                    new ScopeClaim("role")
                }
            },
            new Scope
            {
                Enabled = true,
                Name="api",
                DisplayName = "API Scope",
                Description = "To accesss the API",
                Type = ScopeType.Resource,
                Emphasize = false,
                Claims = new List<ScopeClaim>
                {
                    new ScopeClaim("role"),
                    new ScopeClaim("id")
                }

            },

            StandardScopes.OfflineAccess

        };

        return scopes;

Answer 2

我没有看到您在客户端中指定 AllowedScopes

new Client
{
   Enabled = true,
   ClientName = "MVC Client (Hybrid Flow)",
   ClientId = "mvc",
   Flow = Flows.Hybrid,
   RequireConsent = true,
   RedirectUris = new List<string>
   {"https://localhost:44358/"},
   AllowedScopes = new List<string>{                    
       "openid",
       "profile"
   };                 
}