new Client
{
ClientId = "esmifavorito",
ClientName = "esmifavorito-client",
Enabled = true,
ClientSecrets = new List<ClientSecret>
{
new ClientSecret("esmifavorito".Sha256()) //PQ/pIgjXnBfK67kOxGxz9Eykft6CKPkPewR3jUNEkZo=
},
Flow = Flows.ResourceOwner,
//RequireConsent = false,
//AllowRememberConsent = false,
//ClientUri = "http",
RedirectUris = new List<string>
{
"https://localhost:44304",
},
ScopeRestrictions = new List<string>
{
},
AllowedCorsOrigins = new List<string>
{
"https://localhost:44304",
"http://localhost:50655",
"chrome-extension://fdmmgilgnpjigdojojpjoooidkmcomcm",
"*",
},
PostLogoutRedirectUris = new List<string>
{
"https://localhost:44304",
},
AccessTokenType = AccessTokenType.Jwt,
IdentityTokenLifetime = 3000,
AccessTokenLifetime = 3600,
AuthorizationCodeLifetime = 300
}
我已经注册了我的客户端,隐式流程可以工作,但我需要实现一个登录表单,以便我尝试使用资源所有者密码凭据授予。 我在Chrome中使用Postman向端点发出请求(这就是为什么我将chrome-extension添加到CORS,只是为了查看是否是错误...)
我尝试了很多请求(使用https)
POST /connect/token HTTP/1.1
Host: localhost:44302
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
grant_type=password&username=test&password=testuser&client_id=esmifavorito
-
POST /connect/token HTTP/1.1
Host: localhost:44302
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
grant_type=password&username=test&password=testuser&client_id=esmifavorito&client_secret=PQ%2FpIgjXnBfK67kOxGxz9Eykft6CKPkPewR3jUNEkZo%3D
-
POST /connect/token HTTP/1.1
Host: localhost:44302
Authorization: Basic ZXNtaWZhdm9yaXRvOlBRL3BJZ2pYbkJmSzY3a094R3h6OUV5a2Z0NkNLUGtQZXdSM2pVTkVrWm89
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
grant_type=password&username=test&password=testuser
那些应该有效,但我总是得到invalid_client
错误日志为空,我不知道我是否已经完成了跟踪器注册
LogProvider.SetCurrentLogProvider(new DiagnosticsTraceLogProvider());
app.UseIdentityServer(new IdentityServerOptions
{
LoggingOptions = new LoggingOptions {
IncludeSensitiveDataInLogs = true,
WebApiDiagnosticsIsVerbose = true,
EnableWebApiDiagnostics = true,
//EnableHttpLogging = true
},
SiteName = "Thinktecture IdentityServer3 - UserService-AspNetIdentity",
SigningCertificate = Certificate.Get(string.Format(@"{0}\bin\IdentityServer\IdentityServerEMFDev.pfx", AppDomain.CurrentDomain.BaseDirectory), "KG0yM0At"),
Factory = idSvrFactory,
CorsPolicy = CorsPolicy.AllowAll,
AuthenticationOptions = new AuthenticationOptions
{
IdentityProviders = ConfigureAdditionalIdentityProviders,
},
}
);
在web.config中使用此功能
<trace autoflush="true"
indentsize="4">
<listeners>
<add name="myListener"
type="System.Diagnostics.TextWriterTraceListener"
initializeData="Trace.log" />
<remove name="Default" />
</listeners>
</trace>
客户端数据是正确的,因为我已成功使用隐式流登录。 我错过了什么?这让我感到紧张,我正在阅读OAuth RFC,但我不知道为什么这不应该起作用。
答案 0 :(得分:2)
我尝试了Postman的新版本(我不知道它的编号,但现在它作为Chrome应用程序在桌面上运行),我复制了旧Postman版本的值,现在一切正常。
POST /connect/token HTTP/1.1
Host: localhost:44302
Authorization: Basic ZXNtaWZhdm9yaXRvOmVzbWlmYXZvcml0bw==
Cache-Control: no-cache
Postman-Token: fc4acc63-29f2-6a37-b92c-b62034b13c29
Content-Type: application/x-www-form-urlencoded
grant_type=password&username=test&password=testuser&scope=write
这是结果请求。
在Postman 1中,我有相同的东西(不包括Postman-Token),它给了我invalid_client。我甚至使用了类似的Firefox工具,结果相同。
我不知道这怎么可能。
可能是chrome-extension://的内容吗?
我会回答自己,但如果有人知道这里发生了什么,我会永远感激。
答案 1 :(得分:0)