问题描述
我正在尝试使用 "oidc-client": "1.10.1"
使身份服务器 4 在带有 Angular 8 SPA 的 ASP Net Core 3 应用程序中工作.
I'm trying to get Identity server 4 to work in an ASP Net Core 3 application with an Angular 8 SPA using "oidc-client": "1.10.1"
.
如果我将以下内容添加到我的 appsettings.json
If I add the following to my appsettings.json
"IdentityServer": {
"Key": {
"Type": "File",
"FilePath": "acertificate.pfx",
"Password": "notmyrealpassword..orisit?"
},
"Clients": {
"dev-client": {
"Profile": "IdentityServerSPA",
}
}
}
使用此客户端:
{
authority: 'https://localhost:5001/',
client_id: 'dev-client',
redirect_uri: 'http://localhost:4200/auth-callback',
post_logout_redirect_uri: 'http://localhost:4200/',
response_type: 'id_token token',
scope: 'openid profile API',
filterProtocolClaims: true,
loadUserInfo: true
}
我得到:Invalid redirect_uri: http://localhost:4200/auth-callback
添加.
"dev-client": {
"Profile": "IdentityServerSPA",
"RedirectUris": [ "http://localhost:4200/auth-callback" ]
}
什么都不做.如果我添加(几乎)从文档中复制的客户端配置
does nothing. If I add the Client config copied (almost) from the documentation
"Clients": [
{
"Enabled": true,
"ClientId": "dev-client",
"ClientName": "Local Development",
"AllowedGrantTypes": [ "implicit" ],
"AllowedScopes": [ "openid", "profile", "API" ],
"RedirectUris": [ "http://localhost:4200/auth-callback" ],
"RequireConsent": false,
"RequireClientSecret": false
}
]
我得到:System.InvalidOperationException: 'Type '' is not supported.'
在启动时
如果我尝试在代码中配置客户端,并且只在 appsettings 中保留Key"部分
If I try to configure the client in code, and only keep the "Key" section in appsettings
services
.AddIdentityServer(options =>
{
options.Cors.CorsPolicyName = _CorsPolicyName;
})
.AddInMemoryClients(new IdentityServer4.Models.Client[] {
new IdentityServer4.Models.Client
{
ClientId = "dev-client",
ClientName = "JavaScript Client",
ClientUri = "http://localhost:4200",
AllowedGrantTypes = { IdentityModel.OidcConstants.GrantTypes.Implicit },
AllowAccessTokensViaBrowser = true,
RedirectUris = { "http://localhost:4200/auth-callback" },
PostLogoutRedirectUris = { "http://localhost:4200" },
AllowedCorsOrigins = { "http://localhost:4200" },
AllowedScopes =
{
IdentityServer4.IdentityServerConstants.StandardScopes.OpenId,
IdentityServer4.IdentityServerConstants.StandardScopes.Profile,
IdentityServer4.IdentityServerConstants.StandardScopes.Email,
"API"
}
}
})
我得到:未知客户端或未启用:dev-client
.
有人帮助我保持理智并指出我最有可能的明显错误.
Someone help me keep my sanity and point out my, most likely obvious, error.
推荐答案
ASP.NET Identity 覆盖了 IdentityServer 客户端配置的文档化方法,需要一个 众所周知的值.您可以通过创建一个名为 Clients
的非部分并显式读取该部分来绕过此问题.此外,AddApiAuthorization
在 ApiAuthorizationOptions 上公开了 Clients 集合,可用于添加其他客户端:
ASP.NET Identity overrides the documented method for IdentityServer Clients configuration, expecting a dictionary of well-known values. You can bypass this by creating a section that is not named Clients
and reading from that section explicitly. Additionally, AddApiAuthorization
exposes the Clients collection on the ApiAuthorizationOptions, which can be used to add other clients:
.AddApiAuthorization<...>(options =>
{
options.Clients.AddRange(Configuration.GetSection("IdentityServer:OtherClients").Get<Client[]>());
});
这篇关于AddInMemoryClients 导致未知客户端或未启用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!