Clients

Clients

关注
发信
关注(28)粉丝(399)

AddInMemoryClients导致未知客户端或未启用

本文介绍了AddInMemoryClients导致未知客户端或未启用的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在尝试使用"oidc-client": "1.10.1"使Identity Server 4在具有Angular 8 SPA的ASP Net Core 3应用程序中工作.

I'm trying to get Identity server 4 to work in an ASP Net Core 3 application with an Angular 8 SPA using "oidc-client": "1.10.1".

如果我将以下内容添加到我的appsettings.json

If I add the following to my appsettings.json

  "IdentityServer": {
    "Key": {
      "Type": "File",
      "FilePath": "acertificate.pfx",
      "Password": "notmyrealpassword..orisit?"
    },
    "Clients": {
      "dev-client": {
        "Profile": "IdentityServerSPA",
      }
    }
  }

使用此客户端:

 {
      authority: 'https://localhost:5001/',
      client_id: 'dev-client',
      redirect_uri: 'http://localhost:4200/auth-callback',
      post_logout_redirect_uri: 'http://localhost:4200/',
      response_type: 'id_token token',
      scope: 'openid profile API',
      filterProtocolClaims: true,
      loadUserInfo: true
  }

我得到:Invalid redirect_uri: http://localhost:4200/auth-callback

添加.

"dev-client": {
  "Profile": "IdentityServerSPA",
  "RedirectUris": [ "http://localhost:4200/auth-callback" ]
}

什么都不做.如果我添加从文档中复制(几乎)复制的客户端配置

does nothing. If I add the Client config copied (almost) from the documentation

"Clients": [
  {
    "Enabled": true,
    "ClientId": "dev-client",
    "ClientName": "Local Development",
    "AllowedGrantTypes": [ "implicit" ],
    "AllowedScopes": [ "openid", "profile", "API" ],
    "RedirectUris": [ "http://localhost:4200/auth-callback" ],
    "RequireConsent": false,
    "RequireClientSecret": false
  }
]

我得到:启动时System.InvalidOperationException: 'Type '' is not supported.'

如果我尝试在代码中配置客户端,并且仅将"Key"部分保留在appsettings中

If I try to configure the client in code, and only keep the "Key" section in appsettings 

services
.AddIdentityServer(options =>
{
    options.Cors.CorsPolicyName = _CorsPolicyName;
})
.AddInMemoryClients(new IdentityServer4.Models.Client[] {
new IdentityServer4.Models.Client
{
    ClientId = "dev-client",
    ClientName = "JavaScript Client",
    ClientUri = "http://localhost:4200",

    AllowedGrantTypes = { IdentityModel.OidcConstants.GrantTypes.Implicit },
    AllowAccessTokensViaBrowser = true,

    RedirectUris = { "http://localhost:4200/auth-callback" },
    PostLogoutRedirectUris = { "http://localhost:4200" },
    AllowedCorsOrigins = { "http://localhost:4200" },

    AllowedScopes =
    {
        IdentityServer4.IdentityServerConstants.StandardScopes.OpenId,
        IdentityServer4.IdentityServerConstants.StandardScopes.Profile,
        IdentityServer4.IdentityServerConstants.StandardScopes.Email,
        "API"
    }
}
})

我得到:Unknown client or not enabled: dev-client.

有人帮助我保持理智,指出我(很可能是显而易见的)错误.

Someone help me keep my sanity and point out my, most likely obvious, error.

推荐答案

ASP.NET Identity覆盖了记录的IdentityServer Clients配置方法,期望已知值词典.您可以通过创建一个名为Clients部分并明确读取该部分来绕过此操作.此外,AddApiAuthorization在ApiAuthorizationOptions上公开Clients集合,可用于添加其他客户端:

ASP.NET Identity overrides the documented method for IdentityServer Clients configuration, expecting a dictionary of well-known values. You can bypass this by creating a section that is not named Clients and reading from that section explicitly. Additionally, AddApiAuthorization exposes the Clients collection on the ApiAuthorizationOptions, which can be used to add other clients:

.AddApiAuthorization<...>(options =>
            {
                options.Clients.AddRange(Configuration.GetSection("IdentityServer:OtherClients").Get<Client[]>());
            });

这篇关于AddInMemoryClients导致未知客户端或未启用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

09-18 05:25
Powered by LMLPHP ©2024 Clients 0.006407