【发布时间】:2021-12-22 12:43:06
【问题描述】:
我已经尝试setup a project with IdentityServer4 有一段时间了。但是我收到以下错误:
Sso.Application.CentralHandler: Information: AuthenticationScheme: central was challenged.
IdentityServer4.Hosting.IdentityServerMiddleware: Information: Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeEndpoint for /connect/authorize
IdentityServer4.Validation.AuthorizeRequestValidator: Error: Unknown client or not enabled: oauthClient
IdentityServer4.Endpoints.AuthorizeEndpoint: Error: Request validation failed
IdentityServer4.Endpoints.AuthorizeEndpoint: Information: {
"SubjectId": "anonymous",
"RequestedScopes": "",
"PromptMode": "",
"Raw": {
"client_id": "oauthClient",
"scope": "weatherforecasts.read",
"response_type": "code",
"redirect_uri": "https://localhost:44375/signin-central",
"code_challenge": "Rdi0rU5OkG1gWzh9xfvOxbZLiGbDHqujbMzl9d3u7Qs",
"code_challenge_method": "S256",
"state": "CfDJ8PC7ZLg_v2RDsl0VaXUuuT_-sT-at-LgQD1krwu8LESVXDKkQxQd8_eUQZJqOiGREAzBtfZ4U9X0BJDIn15AvYXKR2omUEBW5LzJm1Vz3ykaScc_kC89f6hCimDBmqCAdUOF0wnEn8FfDD8GPJtPBgxqoqrCNnyGKxh58XOIa85sN-zDSU5Oa73pzKt5FrFIkBCqUOfpCM_KZajZR_3DWFNCbwn8tS-XR0of7ga72XDILC--N9bCqA2eIlTSxf9HHPXmmLninU1ri7RM-XMsOzH__mtQQPOXCuaHw3Q0Nkedmpj4NaTCdcB1k55IdsX1eLrub8ptagCWzMIzXcYIWlJc74Zj-_H2uDZE4M-Blbdr"
}
}
我整天都在寻找如何解决这个错误,但我无法弄清楚它有什么问题。
这是the IdentityProvider project的Startup中的代码:
services
.AddDbContext<SsoCentralContext>();
//.AddScoped<Repositories.IAccountRepository, Repositories.AccountRepository>();
services.AddIdentity<IdentityUser, IdentityRole>()
.AddEntityFrameworkStores<SsoCentralContext>();
var isb = services.AddIdentityServer();
isb
.AddInMemoryClients(new List<Client>
{
new Client
{
ClientId = "oauthClient",
ClientName = "oauthClient",
AllowedGrantTypes = GrantTypes.CodeAndClientCredentials,
Enabled = true,
ClientSecrets = new List<Secret> {new Secret("SuperSecretPassword".Sha256())}, // change me!
AllowedScopes = new List<string> {"weatherforecasts.read"},
RedirectUris = new List<string>
{
"https://localhost:44375/signin-central"
},
}
})
.AddInMemoryIdentityResources(new List<IdentityResource>
{
new IdentityResources.OpenId(),
new IdentityResources.Profile(),
new IdentityResources.Email(),
new IdentityResource
{
Name = "role",
UserClaims = new List<string> {"role"}
}
})
.AddInMemoryApiResources(new List<ApiResource>
{
new ApiResource
{
Name = "api1",
DisplayName = "API #1",
Description = "Allow the application to access API #1 on your behalf",
Scopes = new List<string> { "weatherforecasts.read", "weatherforecasts.write"},
ApiSecrets = new List<Secret> {new Secret("ScopeSecret".Sha256())},
UserClaims = new List<string> {"role"}
}
})
.AddInMemoryApiScopes(new List<ApiScope>
{
new ApiScope("weatherforecasts.read", "Read Access to API #1"),
new ApiScope("weatherforecasts.write", "Write Access to API #1")
})
.AddTestUsers(new List<IdentityServer4.Test.TestUser>
{
new IdentityServer4.Test.TestUser
{
SubjectId = "5BE86359-073C-434B-AD2D-A3932222DABE",
Username = "Pieterjan",
Password = "password",
Claims = new List<System.Security.Claims.Claim> {
new System.Security.Claims.Claim(IdentityModel.JwtClaimTypes.Email, "pieterjan@example.com"),
new System.Security.Claims.Claim(IdentityModel.JwtClaimTypes.Role, "admin")
}
}
})
.AddDeveloperSigningCredential();
isb
.AddOperationalStore(options =>
{
options.ConfigureDbContext = (builder) => builder.UseInMemoryDatabase("SsoCentral");
})
.AddConfigurationStore(options =>
{
options.ConfigureDbContext = (builder) => builder.UseInMemoryDatabase("SsoCentral");
});
isb.AddAspNetIdentity<IdentityUser>();
上面的代码肯定会被调用,所以oauthClient 肯定存在。客户端也肯定是启用的。
Identity 项目的Startup 中的This is the code:
services
.AddAuthentication(options =>
{
})
.AddOAuth<CentralOptions, CentralHandler>("central", options =>
{
options.ClaimsIssuer = "https://localhost:44359"; // This is the URL of the IdentityProvider
options.SaveTokens = true;
options.ClientId = "oauthClient";
options.ClientSecret = "SuperSecretPassword";
options.Scope.Add("weatherforecasts.read");
options.UsePkce = true;
});
如何解决此错误?有人知道如何找出这里出了什么问题吗?
我还需要在此处配置的内容之上使用OpenIdConnect 吗?
更新:
我添加了一个调用,只是为了从 IS4 ClientStore 获取客户端:
[HttpGet("Clients")]
public async Task<IActionResult> GetClients()
{
//var client = await clientStore.FindClientByIdAsync("SsoApplicationClient");
var _inner = (IdentityServer4.EntityFramework.Stores.ClientStore)clientStore.GetType().GetField("_inner", System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Instance).GetValue(clientStore);
var Context = (IdentityServer4.EntityFramework.DbContexts.ConfigurationDbContext)_inner.GetType().GetField("Context", System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Instance).GetValue(_inner);
var Clients = Context.Clients;
return Ok(Clients);
}
令我惊讶的是,我从中得到的是一个完全空的列表:
【问题讨论】:
-
应用程序
"client_id": "oauthClient"是否为身份验证服务所知(已注册)? -
你的意思是在客户端?是的,我会更新问题。
-
不,身份验证服务器需要“知道”谁要求进行身份验证。否则,它将信任任何发出身份验证请求的客户端应用程序。
-
感谢您的回复。这与我正在做的事情 here 不同吗?这就是 oauth 客户端现在注册的地方。
标签: asp.net-core identityserver4 asp.net-core-identity