首页 新闻 会员 周边

.NetCore3.1配置IdentityServer4认证服务,一直不能获取Token,请高手指点迷津??

0
悬赏园豆:10 [已解决问题] 解决于 2020-11-18 11:11

请求工具:postman
posturl:http://localhost:5000/connect/token
参数:grant_type:client_credentials
client_id:1001
client_secret:jZae727K08KaOmKSgOaGzww/XVqGr/PKEgIMkjrcbJI=
结果:{
"error": "invalid_client"
}

问题补充:

public void ConfigureServices(IServiceCollection services)
{
services.AddControllersWithViews();
services.AddIdentityServer()
//设置临时签名凭据
.AddDeveloperSigningCredential()
.AddInMemoryIdentityResources(Config.GetIdentityResourceResources())
//从Config类里面读取刚刚定义的Api资源
.AddInMemoryApiResources(Config.GetApiResources())
//从Config类里面读取刚刚定义的Client集合
.AddInMemoryClients(Config.GetClients());

    }

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
//app.UseAuthorization();
app.UseIdentityServer();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
});

    }

请求返回结果
IdentityServer4.Validation.TokenRequestValidator[0]
Client cannot request OpenID scopes in client credentials flow{ clientId = client1 }, details: {
"ClientId": "client1",
"GrantType": "client_credentials",
"Scopes": "api1",
"AuthorizationCode": "",
"RefreshToken": "",
"Raw": {
"grant_type": "client_credentials",
"client_id": "client1",
"client_secret": "REDACTED",
"scope": "api1"
}
}
我想啸天的主页 我想啸天 | 初学一级 | 园豆:79
提问于:2020-11-17 16:45
< >
分享
最佳答案
0

public static IEnumerable<Client> GetClients()
{
return new List<Client>() {
new Client(){
ClientId ="client1",
//授权方式为用户密码模式授权,类型可参考GrantTypes枚举
AllowedGrantTypes = GrantTypes.ClientCredentials,
//认证秘钥,用于验证的secret
ClientSecrets =
{
new Secret("123456".Sha256())
},
// 允许的范围
AllowedScopes ={
"api1"
}
},
// resource owner password grant client
new Client
{
ClientId = "client2",
AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
ClientSecrets =
{
new Secret("123456".Sha256())
},
AllowedScopes = {
"api2"
//必须要添加,否则报forbidden错误
,IdentityServerConstants.StandardScopes.OpenId
,IdentityServerConstants.StandardScopes.Profile
}
}
};
}

我想啸天 | 初学一级 |园豆:79 | 2020-11-18 11:10

配置Client不是关键的,关键的是需要ConfigService配置Scopes,具体可以参看IdentityServer4 4.1.1版本入坑指南。

我想啸天 | 园豆:79 (初学一级) | 2020-11-18 11:22
其他回答(2)
0

把你的配置发出来看一下

收获园豆:5
小小高 | 园豆:1095 (小虾三级) | 2020-11-17 19:52

你好已补充

支持(0) 反对(0) 我想啸天 | 园豆:79 (初学一级) | 2020-11-18 09:11

问题已找到,应该是client配置有问题,参考配置错误

支持(0) 反对(0) 我想啸天 | 园豆:79 (初学一级) | 2020-11-18 11:08
0

你把你IdentityServer 4 的 Config.GetClients()) 这个定义发出来啊

收获园豆:5
三梦哥 | 园豆:207 (菜鸟二级) | 2020-11-18 10:26

public static IEnumerable<Client> GetClients()
{
return new List<Client>() {
new Client(){
ClientId ="client1",
//授权方式为用户密码模式授权,类型可参考GrantTypes枚举
AllowedGrantTypes = GrantTypes.ClientCredentials,
//认证秘钥,用于验证的secret
ClientSecrets =
{
new Secret("123456".Sha256())
},
// 允许的范围
AllowedScopes ={
"api1"
}
}
};
}

支持(0) 反对(0) 我想啸天 | 园豆:79 (初学一级) | 2020-11-18 11:08

问题已解决

支持(0) 反对(0) 我想啸天 | 园豆:79 (初学一级) | 2020-11-18 11:09
清除回答草稿
   您需要登录以后才能回答,未注册用户请先注册