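I cannot get a JWT from IdentityServer3. I am using aurelia and aurelia-auth.
The error I get from IdentityServer is "The client application is not known or is not authorized."
What am I missing in my configuration? The configuration is as follows: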

    //Server Clients
    public static class Clients
    {
        public static IEnumerable<Client> Get()
        {
            return new List<Client> {
                new Client {
                    ClientName = "AureliaApplication",
                    Enabled = true,
                    ClientId = "aureliaClient",
                    AllowAccessToAllScopes = true,
                    Flow = Flows.ResourceOwner,
                    AccessTokenType = AccessTokenType.Jwt,
                    AccessTokenLifetime = 3600
                }
            };
        }
    }

    //Aurelia-Auth Provider Config
    var config = {
        providers: {
            IdentityServerV3: {
                name: 'IdentityServerV3',
                url: '/auth/IdentityServerV3',
                authorizationEndpoint: 'https://localhost:44300/core/connect/authorize',
                redirectUri: window.location.origin || window.location.protocol + '//' + window.location.host,
                scope: ['openid'],
                scopePrefix: 'openid',
                scopeDelimiter: '&',
                display: 'popup',
                type: '2.0',
                clientId: 'aureliaClient',
                popupOptions: { width: 1020, height: 618 }
            }
        }
    }
    export default config;

Answer 0 (score: 1)
You need to configure the client's scopes in IdentityServer:

    new Client
    {
        ClientId = "Aurelia Client",
        ClientName = "aureliaClient",
        ClientSecrets = new List<Secret> {
            new Secret(Constants.IdentitySecret.Sha256())
        },
        Flow = Flows.Hybrid,
        RequireConsent = true,
        AllowRememberConsent = true,
        RedirectUris = new List<string> {
            "http://localhost:9000"
        },
        PostLogoutRedirectUris = new List<string> {
            "http://localhost:9000"
        },
        AllowedScopes = new List<string> {
            Constants.StandardScopes.OpenId,
            Constants.StandardScopes.Profile,
            Constants.StandardScopes.Roles,
            "apiAccess"
        }
    }

The Aurelia configuration must have its URLs corrected to the different IdentityServer endpoints. These endpoints can usually be found in the server's openid configuration (in this example it would be: https://localhost:44301/core/.well-known/openid-configuration). The scopes are the same as those defined in the client configuration in IdentityServer:

    var config = {
        baseUrl : 'https://localhost:44301/core',
        tokenName : 'id_token',
        profileUrl: '/connect/userinfo',
        unlinkUrl : '/connect/endsession',
        logoutRedirect: '/',
        loginRedirect : '#/',
        providers : {
            identSrv : {
                name: 'identSrv',
                url: '/connect/token',
                authorizationEndpoint: 'https://localhost:44301/core/connect/authorize/',
                redirectUri: window.location.origin || window.location.protocol + '//' + window.location.host,
                scope: ['profile', 'apiAccess','openid', 'roles'],
                responseType :'code id_token token',
                scopePrefix: '',
                scopeDelimiter: ' ',
                requiredUrlParams: ['scope', 'nonce'],
                optionalUrlParams: ['display'],
                state: 'session_state',
                display: 'popup',
                type: '2.0',
                // must equal the ClientId registered for this client in IdentityServer
                clientId: 'jsClient',
                flow: 'hybrid',
                nonce : function(){
                    var val = ((Date.now() + Math.random()) * Math.random()).toString().replace(".", "");
                    return encodeURIComponent(val);
                },
                popupOptions: { width: 452, height: 633 }
            }
        }
    };

Scott actually found the solution (I just used it to answer). You can find an example on his GitHub: https://github.com/devscott/identityServer3Example
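
An added example (not part of the answer above and not IdentityServer3's own code): a simplified model of the checks an authorize request has to pass against the registered client, run over constructed copies of the question's and the answer's configurations. The object shapes, the name `checkAuthorizeRequest`, the `http://localhost:9000` origin and the `response_type` used for the question's request are assumptions.

```javascript
// Added example: simplified model of authorize-request checks, not IdentityServer3 source.
// Response types each flow may request (OpenID Connect Core); the keys are hypothetical names.
const RESPONSE_TYPES = {
  code: ['code'],
  implicit: ['id_token', 'id_token token'],
  hybrid: ['code id_token', 'code token', 'code id_token token'],
  resourceOwner: [] // password grant: token endpoint only, never /connect/authorize
};
const canon = (rt) => rt.trim().split(/\s+/).sort().join(' ');

function checkAuthorizeRequest(client, req) {
  const problems = [];
  if (!client.enabled) problems.push('client disabled');
  if (req.clientId !== client.clientId) problems.push('client_id not registered');
  const allowed = (RESPONSE_TYPES[client.flow] || []).map(canon);
  if (!allowed.includes(canon(req.responseType))) problems.push('response_type not allowed for flow');
  // In this model redirect URIs are compared as whole strings, so a trailing slash matters.
  if (!client.redirectUris.includes(req.redirectUri)) problems.push('redirect_uri not registered');
  const denied = client.allowAllScopes ? [] : req.scope.filter((s) => !client.allowedScopes.includes(s));
  if (denied.length) problems.push('scope not allowed: ' + denied.join(','));
  if (/\bid_token\b/.test(req.responseType) && !req.nonce) problems.push('nonce missing');
  return problems;
}

// Constructed inputs mirroring the configurations on this page.
const questionClient = { enabled: true, clientId: 'aureliaClient', flow: 'resourceOwner',
  redirectUris: [], allowAllScopes: true, allowedScopes: [] };
const questionRequest = { clientId: 'aureliaClient', responseType: 'code', // assumed value
  redirectUri: 'http://localhost:9000', scope: ['openid'] };

const answerClient = { enabled: true, clientId: 'Aurelia Client', flow: 'hybrid',
  redirectUris: ['http://localhost:9000'], allowAllScopes: false,
  allowedScopes: ['openid', 'profile', 'roles', 'apiAccess'] };
const answerRequest = { clientId: 'jsClient', responseType: 'code id_token token',
  redirectUri: 'http://localhost:9000', scope: ['profile', 'apiAccess', 'openid', 'roles'],
  nonce: 'constructed-nonce' };

console.log(checkAuthorizeRequest(questionClient, questionRequest));
console.log(checkAuthorizeRequest(answerClient, answerRequest));
console.log(checkAuthorizeRequest(answerClient, { ...answerRequest, clientId: 'Aurelia Client' }));
```

The question's resource-owner client fails on flow and redirect URI, and the answer's two snippets as posted still differ in client ID; only the last call, with matching IDs, returns an empty list.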