
IdentityServer4:AuthorizeRequestValidator:错误:客户端的授权类型无效:隐式

  • Saurin Vala  · 技术社区  · 7 年前

    我正在尝试在 .NET Core 2.0 MVC 上用 Identity Server 4 配置混合流和客户端凭据(Hybrid and Client Credentials)。

    但是,我一直卡在错误“客户端的授权类型无效:隐式”上,

    尽管我已经设置了 AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,

    我已经下载了示例 QuickStart,它可以正常工作,但我在自己的代码中找不到缺少的那段代码。

    调试输出:

    IdentityServer4.Validation.AuthorizeRequestValidator:
    Error: Invalid grant type for client: implicit
    {
      "ClientId": "consultee",
      "ClientName": "consultee Client test",
      "RedirectUri": "http://consultee.mi.local:44352/signin-oidc",
      "AllowedRedirectUris": [
        "http://consultee.mi.local:44352/signin-oidc"
      ],
      "SubjectId": "anonymous",
      "ResponseType": "id_token",
      "ResponseMode": "form_post",
      "GrantType": "implicit",
      "RequestedScopes": "",
      "State": "CfDJ8KERs5ihv_5Ll9ddYi6Nj5lkLNGQptrJwHqbSD11g27zqVxPcKxLKvbMtd5ab5LPbV15yaCNlHlzpPgRQL4R2XSue8ka_fqLBWFfXad-sRNCyY03JxgL7HZDKDrph-G4hdvRRMvBtXUc0tq2tHd7ZGX7-djehs8aHD6-P_80UfFplHCYkvARV7I64Kb5ki4cFVmLE6G8EbWIUwir6HJpkgK1CbN_IuPtBTjaLZoBOEzpxWTRVaudsD4vZFxdTv4N51ufkn8jy7GPC0pf3xCGInQpA-FziHp681qmiWbCxlp9HuAIZBem-at9dNvC29yRBw4JbcoTSrjuHkq6G6gZtXVh1YuuQYIW9R4wklmlSEX4i8kxM8zJTog98Ce3OFsYnw",
      "Raw": {
        "client_id": "consultee",
        "redirect_uri": "http://consultee.mi.local:44352/signin-oidc",
        "response_type": "id_token",
        "scope": "openid profile api1 offline_access",
        "response_mode": "form_post",
        "nonce": "636626718480261618.MDYwZjE0MjMtNzczMi00ZjQ4LTk0NWUtZjQ1ZDNjM2VjZTRhOWI0NWM0MjMtNGM3Ni00ZDA3LWIyZDctMDcwNTc3ZDU0NGYy",
        "state": "CfDJ8KERs5ihv_5Ll9ddYi6Nj5lkLNGQptrJwHqbSD11g27zqVxPcKxLKvbMtd5ab5LPbV15yaCNlHlzpPgRQL4R2XSue8ka_fqLBWFfXad-sRNCyY03JxgL7HZDKDrph-G4hdvRRMvBtXUc0tq2tHd7ZGX7-djehs8aHD6-P_80UfFplHCYkvARV7I64Kb5ki4cFVmLE6G8EbWIUwir6HJpkgK1CbN_IuPtBTjaLZoBOEzpxWTRVaudsD4vZFxdTv4N51ufkn8jy7GPC0pf3xCGInQpA-FziHp681qmiWbCxlp9HuAIZBem-at9dNvC29yRBw4JbcoTSrjuHkq6G6gZtXVh1YuuQYIW9R4wklmlSEX4i8kxM8zJTog98Ce3OFsYnw",
        "x-client-SKU": "ID_NET",
        "x-client-ver": "2.1.4.0"
      }
    }
    

    客户端(Client)

                    // IdentityServer4 registration of the MVC application as a client.
                    new Client
                    {
                        ClientId = "consultee",
                        ClientName = "consultee Client test",
                        // Hybrid flow (response_type "code id_token") plus client_credentials.
                        // An implicit request (response_type "id_token" on its own) is rejected for this client.
                        AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
    
                        // Only the SHA-256 hash is stored here; the MVC client must present the matching plain secret.
                        // Prefer loading the secret from configuration instead of keeping it in source.
                        ClientSecrets =
                        {
                            new Secret("secret".Sha256())
                        },
    
                        // Plain-http redirect URIs: the id_token is form-posted to this address unencrypted,
                        // acceptable only for a local development host.
                        RedirectUris = { "http://consultee.mi.local:44352/signin-oidc" },
                        PostLogoutRedirectUris = { "http://consultee.mi.local:44352/signout-callback-oidc" },
    
                        AllowedScopes =
                        {
                            IdentityServerConstants.StandardScopes.OpenId,
                            IdentityServerConstants.StandardScopes.Profile,
                            "api1"
                        },
                        // Allows the client to request the offline_access scope (refresh tokens).
                        AllowOfflineAccess = true,
                        // Permits access tokens in the front channel (a "token" response type). With
                        // "code id_token" the access token is obtained via the back channel, so this can usually stay false.
                        AllowAccessTokensViaBrowser = true,
                    }
    

    客户端上的 ConfigureServices

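        /// <summary>
        /// Registers MVC and the cookie + OpenID Connect authentication handlers for the client application.
        /// </summary>
        /// <param name="services">The application's service collection.</param>
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddMvc();

            // Keep the claim types exactly as issued in the JWT instead of remapping them to the legacy long claim-type URIs.
            JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

            services.AddAuthentication(options =>
                {
                    options.DefaultScheme = "Cookies";
                    options.DefaultChallengeScheme = "oidc";
                })
                .AddCookie("Cookies")
                .AddOpenIdConnect("oidc", options =>
                {
                    options.SignInScheme = "Cookies";

                    options.Authority = Configuration["identityServerUri"];
                    // Accepts a discovery document served over plain http; only acceptable against a local development authority.
                    options.RequireHttpsMetadata = false;

                    options.ClientId = "consultee";
                    // Must match the (SHA-256 hashed) secret registered for this client on IdentityServer.
                    // Prefer reading it from configuration rather than keeping it in source.
                    options.ClientSecret = "secret";

                    // Request the hybrid flow (authorization code + id_token). Without this line the handler
                    // sends its default response_type=id_token, i.e. the implicit flow, which IdentityServer
                    // rejects for a client whose AllowedGrantTypes is HybridAndClientCredentials.
                    options.ResponseType = "code id_token";

                    options.SaveTokens = true;
                    options.GetClaimsFromUserInfoEndpoint = true;

                    options.Scope.Add("api1");
                    options.Scope.Add("offline_access");
                });
        }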
    

    IdentityServer 上的 ConfigureServices

    /// <summary>
    /// Registers MVC and an IdentityServer instance backed by in-memory resources, clients and test users.
    /// </summary>
    /// <param name="services">The application's service collection.</param>
    public void ConfigureServices(IServiceCollection services)
        {
            services.AddMvc();

            // In-memory stores plus a developer signing credential: intended for local development;
            // a deployed instance needs persisted stores and a real signing key.
            var identityServerBuilder = services.AddIdentityServer();
            identityServerBuilder.AddDeveloperSigningCredential();
            identityServerBuilder.AddInMemoryIdentityResources(Config.GetIdentityResources());
            identityServerBuilder.AddInMemoryApiResources(Config.GetApiResources());
            identityServerBuilder.AddInMemoryClients(Config.GetClients());
            identityServerBuilder.AddTestUsers(Config.GetUsers());

            services.AddAuthentication();
        }
    
    1 回复  |  直到 7 年前
  •   Linda Lawton - DaImTo    7 年前

    日志告诉你问题出在哪里

    错误:客户端的授予类型无效:隐式

    您是以隐式(implicit)客户端的方式登录的。

    // Client-side OIDC handler. ResponseType is never set here, so the handler keeps its default
    // of "id_token" (matching "response_type": "id_token" in the logged request), i.e. the implicit flow.
    .AddOpenIdConnect("oidc", options =>
            {
                options.SignInScheme = "Cookies";
    
                options.Authority = Configuration["identityServerUri"];
                // Permits plain-http discovery metadata; development only.
                options.RequireHttpsMetadata = false;
    
                options.ClientId = "consultee";
                options.ClientSecret = "secret";
    
                options.SaveTokens = true;
                options.GetClaimsFromUserInfoEndpoint = true;
    
                options.Scope.Add("api1");
                options.Scope.Add("offline_access");
                // Not set here: options.ResponseType = "code id_token"; (selects the hybrid flow)
            });
    

    而您在 Identity Server 中配置的是一个混合流(hybrid)客户端

    // The client as registered on IdentityServer: hybrid + client_credentials, no implicit grant.
    new Client
                {
                    ClientId = "consultee",
                    ClientName = "consultee Client test",
                    // Only "code id_token" (hybrid) and client_credentials are accepted; "id_token" alone is refused.
                    AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
    
                    // Stored hashed; the client must send the matching plain-text secret.
                    ClientSecrets =
                    {
                        new Secret("secret".Sha256())
                    },
    
                    // Plain-http redirect URIs; fine for a local development host only.
                    RedirectUris = { "http://consultee.migrology.local:44352/signin-oidc" },
                    PostLogoutRedirectUris = { "http://consultee.migrology.local:44352/signout-callback-oidc" },
    
                    AllowedScopes =
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        "api1"
                    },
                    // Required for the client's offline_access scope request.
                    AllowOfflineAccess = true,
                    // Not needed for "code id_token" (access token arrives via the back channel); consider false.
                    AllowAccessTokensViaBrowser = true,
                }
    

    所以服务器不允许这样做。您需要把客户端代码改为混合流登录,或者把 Identity Server 上的客户端改为隐式客户端。

    改为混合流

    要把隐式登录改为混合流登录,需要修改以下几处。

    • 配置 ClientSecret,使其与 IdentityServer 上的机密一致。
    • 添加 offline_access(脱机访问)作用域
    • 添加作用域 api1
    • 将 ResponseType 设置为 code id_token(这实际上就是表示“使用混合流”)(这正是你缺少的那一项)