IdentityServer3 shows the client ID and client secret in plain text in the URL

Time: 2015-10-16 16:14:24

Tags: asp.net identityserver3

I am using the hybrid flow from an ASP.NET MVC / WebForms project. My redirect from the client includes the clientId and clientSecret in plain text in my URL:

https://login.myidp.com/identity/connect/authorize?client_id=clientid&redirect_uri=http%3a%2f%2fdemo.myrp.local%2f&response_mode=form_post&response_type=code+id_token+token&scope=openid+profile+roles+&state=OpenIdConnect.AuthenticationProperties%3dKPE-usNQD3RL79IYOnUFyaPdhDXFZQX76E989A11MXO2AM4uFFJIpy-SXA_T6XAMLQA7xBC6YlGHGC8hEkUueybPFUzyrPDGAtm0L1zEtzaZLFMtTNi3MMt0571uk_7kQwZfFDM7KdBL6K-evFZ1h8JhcgfhWGLYWcyahZc0QS_N0-H6JZb-d5gDOGchdCUCtnNwsXSaL24udJ9u9ZBfevUxttDs-nJAuBWKYUtKe5E&nonce=635806083513709419.YmI1MWM0M2MtMWMyZi00MTI1LTkwNmMtZWEwZjdiMjNkMDcxNzBlYWQ4MDUtZmUxYi00NzdlLTlhZDctZjU2NGFhNWM2NGVk&client_secret=thisismysecreta

My client setup code is very similar to the sample code:

    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        ClientId = "myclientid",
        ClientSecret = "this is my secret",   // appears as the client_secret parameter in the authorize URL above
        Authority = MyConstants.IdSrv,
        RedirectUri = myurl,
        ResponseType = "code id_token token", // hybrid flow
        Scope = "openid profile roles ",      // trailing space produces the trailing "+" in scope= above
        // etc.
    });

This does not seem like a good idea. Am I missing something very obvious here?
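Added example (editor's code, not part of the question above and not an answer to it): a small audit that parses an OpenID Connect authorize URL and reports which parameters do not belong on the front channel, alongside the shape of the back-channel token-endpoint request where a client secret is supposed to travel. The sample input is the authorize URL posted in the question, including its placeholder client_id and client_secret values; the token endpoint path `/identity/connect/token` is assumed from the authorize path shown and is not stated on the page.

```python
from urllib.parse import urlsplit, parse_qs, urlencode

# Parameters that legitimately travel on the front channel (the browser redirect).
# Anything here ends up in browser history, Referer headers, proxy and IdP access logs.
FRONT_CHANNEL_PARAMS = {
    "client_id", "redirect_uri", "response_type", "response_mode", "scope",
    "state", "nonce", "prompt", "max_age", "ui_locales", "login_hint",
    "acr_values", "display", "id_token_hint",
}

# Client credentials belong only in a back-channel POST to the token endpoint.
BACK_CHANNEL_ONLY = {"client_secret", "client_assertion"}

# The authorize URL from the question (placeholder client_id / client_secret as posted).
SAMPLE_AUTHORIZE_URL = (
    "https://login.myidp.com/identity/connect/authorize?client_id=clientid"
    "&redirect_uri=http%3a%2f%2fdemo.myrp.local%2f&response_mode=form_post"
    "&response_type=code+id_token+token&scope=openid+profile+roles+"
    "&state=OpenIdConnect.AuthenticationProperties%3dKPE-usNQD3RL79IYOnUFyaPdhDXFZQX76E989A11MXO2AM4uFFJIpy-SXA_T6XAMLQA7xBC6YlGHGC8hEkUueybPFUzyrPDGAtm0L1zEtzaZLFMtTNi3MMt0571uk_7kQwZfFDM7KdBL6K-evFZ1h8JhcgfhWGLYWcyahZc0QS_N0-H6JZb-d5gDOGchdCUCtnNwsXSaL24udJ9u9ZBfevUxttDs-nJAuBWKYUtKe5E"
    "&nonce=635806083513709419.YmI1MWM0M2MtMWMyZi00MTI1LTkwNmMtZWEwZjdiMjNkMDcxNzBlYWQ4MDUtZmUxYi00NzdlLTlhZDctZjU2NGFhNWM2NGVk"
    "&client_secret=thisismysecreta"
)


def audit_authorize_url(url: str) -> dict:
    """Report what should not be in an OIDC authorization request."""
    parts = urlsplit(url)
    params = parse_qs(parts.query, keep_blank_values=True)
    names = set(params)
    # parse_qs already turns "+" into spaces, so "code+id_token+token" splits cleanly.
    response_type = set(params.get("response_type", [""])[0].split())
    return {
        "leaked_credentials": sorted(names & BACK_CHANNEL_ONLY),
        "unknown_params": sorted(names - FRONT_CHANNEL_PARAMS - BACK_CHANNEL_ONLY),
        "https": parts.scheme == "https",
        # "token" in response_type means an access token is also returned through the
        # browser (implicit/hybrid), so it is exposed to the same places as the query string.
        "access_token_via_front_channel": "token" in response_type,
    }


def build_token_request(token_endpoint: str, client_id: str, client_secret: str,
                        code: str, redirect_uri: str) -> dict:
    """Authorization-code exchange as the relying party's server should send it:
    a back-channel POST with the secret in the form body (client_secret_post),
    never in a URL the browser sees."""
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "client_secret": client_secret,
    })
    return {
        "method": "POST",
        "url": token_endpoint,
        "headers": {"Content-Type": "application/x-www-form-urlencoded"},
        "body": body,
    }


if __name__ == "__main__":
    print(audit_authorize_url(SAMPLE_AUTHORIZE_URL))
    # Assumed token endpoint, derived from the authorize path in the question.
    req = build_token_request("https://login.myidp.com/identity/connect/token",
                              "clientid", "thisismysecreta",
                              "AUTH_CODE_FROM_CALLBACK", "http://demo.myrp.local/")
    print(req["method"], req["url"])
    print(req["body"])
```

Running the audit against the posted URL reports `client_secret` as a leaked credential and notes that `response_type=code id_token token` also delivers an access token through the browser; stripping the `client_secret` parameter makes the leak finding disappear, and the token request shows the secret going in a POST body to the token endpoint instead.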

0 answers:

No answers