请求工具:Postman
POST URL:http://localhost:5000/connect/token
参数:grant_type:client_credentials
client_id:1001
client_secret:jZae727K08KaOmKSgOaGzww/XVqGr/PKEgIMkjrcbJI=
结果:{
"error": "invalid_client"
}
/// <summary>
/// Registers MVC controllers with views and an IdentityServer instance whose
/// identity resources, API resources and clients are all held in memory and
/// supplied by the <c>Config</c> class.
/// </summary>
/// <param name="services">Service collection that receives the registrations.</param>
public void ConfigureServices(IServiceCollection services)
{
    services.AddControllersWithViews();

    var identityServer = services.AddIdentityServer();

    // Temporary signing credential meant for development. A deployed token
    // service needs a persistent, access-controlled signing key instead, so
    // that issued tokens stay verifiable across restarts and instances.
    identityServer.AddDeveloperSigningCredential();

    // NOTE(review): a scope name registered as an identity resource cannot be
    // requested through the client credentials flow — confirm that no API
    // scope name (e.g. "api1") is returned by this Config method.
    identityServer.AddInMemoryIdentityResources(Config.GetIdentityResourceResources());

    // API resources defined in the Config class.
    identityServer.AddInMemoryApiResources(Config.GetApiResources());

    // Client definitions from the Config class.
    // NOTE(review): nothing in this method registers API scopes on their own;
    // if this targets IdentityServer4 4.x, verify that the scopes the clients
    // are allowed to request are actually registered.
    identityServer.AddInMemoryClients(Config.GetClients());
}
/// <summary>
/// Assembles the HTTP request pipeline: error handling, HTTPS redirection,
/// static files, routing, the IdentityServer middleware and the default MVC route.
/// </summary>
/// <param name="app">Application builder the middleware is added to.</param>
/// <param name="env">Hosting environment, used to pick the error-handling strategy.</param>
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    if (!env.IsDevelopment())
    {
        app.UseExceptionHandler("/Home/Error");
        // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
        app.UseHsts();
    }
    else
    {
        // The developer exception page shows stack traces and request details,
        // so it is enabled for the Development environment only.
        app.UseDeveloperExceptionPage();
    }

    // Plain-HTTP requests are redirected to HTTPS. Token requests carry the
    // client secret, so callers should address the HTTPS endpoint directly
    // rather than rely on the redirect.
    app.UseHttpsRedirection();
    app.UseStaticFiles();
    app.UseRouting();

    // UseAuthorization() is deliberately not registered (the call is commented out).
    // NOTE(review): controllers that carry authorization metadata would need it,
    // placed after UseIdentityServer() — confirm none do.
    //app.UseAuthorization();
    app.UseIdentityServer();

    app.UseEndpoints(routes => routes.MapControllerRoute(
        name: "default",
        pattern: "{controller=Home}/{action=Index}/{id?}"));
}
请求返回结果
IdentityServer4.Validation.TokenRequestValidator[0]
Client cannot request OpenID scopes in client credentials flow{ clientId = client1 }, details: {
"ClientId": "client1",
"GrantType": "client_credentials",
"Scopes": "api1",
"AuthorizationCode": "",
"RefreshToken": "",
"Raw": {
"grant_type": "client_credentials",
"client_id": "client1",
"client_secret": "REDACTED",
"scope": "api1"
}
}
/// <summary>
/// Builds the in-memory client registrations: <c>client1</c> (client credentials
/// grant, scope <c>api1</c>) and <c>client2</c> (resource owner password grant,
/// scopes <c>api2</c>, <c>openid</c> and <c>profile</c>).
/// </summary>
/// <returns>A list holding the two client definitions.</returns>
/// <remarks>
/// Both clients share the hard-coded sample secret "123456". Only its SHA-256
/// hash is stored, so a token request has to present the plaintext value, not
/// the hash. A guessable secret embedded in source is suitable for a demo only;
/// a real deployment should load a high-entropy secret from protected configuration.
/// </remarks>
public static IEnumerable<Client> GetClients()
{
    // Machine-to-machine client: authenticates with its own credentials via the
    // client credentials grant (see GrantTypes for the other available grants).
    var credentialsClient = new Client
    {
        ClientId = "client1",
        AllowedGrantTypes = GrantTypes.ClientCredentials
    };
    // Secret the client is authenticated with.
    credentialsClient.ClientSecrets.Add(new Secret("123456".Sha256()));
    // Scopes this client may request.
    credentialsClient.AllowedScopes.Add("api1");

    // Resource owner password grant client.
    // NOTE(review): with this grant the client handles the user's password
    // itself; current OAuth security guidance advises against it — prefer an
    // interactive flow for anything beyond a demo.
    var passwordClient = new Client
    {
        ClientId = "client2",
        AllowedGrantTypes = GrantTypes.ResourceOwnerPassword
    };
    passwordClient.ClientSecrets.Add(new Secret("123456".Sha256()));
    passwordClient.AllowedScopes.Add("api2");
    // The two identity scopes below must be added, otherwise a "forbidden" error is reported.
    passwordClient.AllowedScopes.Add(IdentityServerConstants.StandardScopes.OpenId);
    passwordClient.AllowedScopes.Add(IdentityServerConstants.StandardScopes.Profile);

    return new List<Client>() { credentialsClient, passwordClient };
}
配置 Client 不是关键,关键是需要在 ConfigureServices 里配置 Scopes,具体可以参看《IdentityServer4 4.1.1 版本入坑指南》。
把你的配置发出来看一下
你好已补充
问题已找到,应该是client配置有问题,参考配置错误
你把你 IdentityServer4 的 Config.GetClients() 这个定义发出来啊
/// <summary>
/// Builds the in-memory client registration for <c>client1</c>, which uses the
/// client credentials grant and may request the <c>api1</c> scope.
/// </summary>
/// <returns>A list holding the single client definition.</returns>
/// <remarks>
/// The secret "123456" is a hard-coded sample value. Only its SHA-256 hash is
/// stored, so a token request has to present the plaintext value, not the hash.
/// A guessable secret embedded in source is suitable for a demo only; a real
/// deployment should load a high-entropy secret from protected configuration.
/// </remarks>
public static IEnumerable<Client> GetClients()
{
    // Machine-to-machine client: authenticates with its own credentials via the
    // client credentials grant (see GrantTypes for the other available grants).
    var credentialsClient = new Client
    {
        ClientId = "client1",
        AllowedGrantTypes = GrantTypes.ClientCredentials
    };
    // Secret the client is authenticated with.
    credentialsClient.ClientSecrets.Add(new Secret("123456".Sha256()));
    // Scopes this client may request.
    credentialsClient.AllowedScopes.Add("api1");

    return new List<Client>() { credentialsClient };
}
问题已解决