问题描述
给出:
IdentityServer v3JavaSCript客户端Asp Core Api客户端
IdentityServer v3JavaSCript Client Asp Core Api Client
JavaScript客户端通过身份服务器进行身份验证,并向api发送带有承载令牌的请求
The JavaScript client authenticates with the identityserver and makes a request with a bearer token to the api
该api配置为使用资源所有者的工作流程
the api is configured to use ressource owner workflow
问题:现在我得到了:
显然受众群体不匹配.我想念什么?
Obiviously Audiance doesn't match. what am I missing?
配置
身份服务器中的ApiClient:
ApiClient in Identity server:
return new Client
{
Enabled = true,
ClientId = "MyApi",
ClientName = "The client for the Groupl Api",
ClientSecrets = new List<Secret>
{
new Secret("foo".Sha256())
},
Flow = Flows.ResourceOwner,
AllowedScopes = ClientConstants.AllowedGrouplScopes()
};
在api中连接到身份服务器:
In the api to connect to identity server:
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
var authority = config["identity:authority:url"];
app.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions
{
Authority = authority,
RequireHttpsMetadata = false,
EnableCaching = false,
ApiName = "myApi", //Correct that this is the client id?
ApiSecret = "foo"
});
此处是请求(省略了Access_token)
Here the request (Access_token omitted)
GET /api/values HTTP/1.1
Host: localhost:59364
Content-Type: application/json
Authorization: Bearer {access_token}
更新
Update
当我设置LegacyAudienceValidation = true
时,一切正常,但是我不确定如何正确处理此问题?
when I set LegacyAudienceValidation = true
, everything works fine, but i'm not sure how to handle this correctly?
推荐答案
原因是身份验证行为已更改. IdentityServer 3不支持多个受众. Identityserver 4可以.因此,对于旧的处理方式,必须将LegacyAudienceValidation
设置为true
Reason is that authentication behavior changed. IdentityServer 3 didn't support multiple audiences. Identityserver 4 does. So for the old handling LegacyAudienceValidation
has to be set to true
这篇关于.net核心客户端未通过IdentityServer v3进行身份验证-Audience中的偏移的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!