IdentityServer3拒绝出现在openid" wellknown"中的响应类型配置

时间:2016-09-08 16:30:54

标签: c# identityserver3 openid-connect

我正试图通过学习IdentityServer来解决问题,这样我就可以在我的工作场所实施单点登录。我有一个本地运行的POC服务,当我请求配置时,这是显示的配置:

{"issuer":"https://localhost:44345/core","jwks_uri":"https://localhost:44345/core/.well-known/jwks","authorization_endpoint":"https://localhost:44345/core/connect/authorize","token_endpoint":"https://localhost:44345/core/connect/token","userinfo_endpoint":"https://localhost:44345/core/connect/userinfo","end_session_endpoint":"https://localhost:44345/core/connect/endsession","check_session_iframe":"https://localhost:44345/core/connect/checksession","revocation_endpoint":"https://localhost:44345/core/connect/revocation","introspection_endpoint":"https://localhost:44345/core/connect/introspect","frontchannel_logout_supported":true,"frontchannel_logout_session_supported":true,"scopes_supported":["openid","profile","email","roles","offline_access"],"claims_supported":["sub","name","family_name","given_name","middle_name","nickname","preferred_username","profile","picture","website","gender","birthdate","zoneinfo","locale","updated_at","email","email_verified","role"],"response_types_supported":["code","token","id_token","id_token token","code id_token","code token","code id_token token"],"response_modes_supported":["form_post","query","fragment"],"grant_types_supported":["authorization_code","client_credentials","password","refresh_token","implicit"],"subject_types_supported":["public"],"id_token_signing_alg_values_supported":["RS256"],"code_challenge_methods_supported":["plain","S256"],"token_endpoint_auth_methods_supported":["client_secret_post","client_secret_basic"]}

作为其中一部分,您可以看到:

"response_types_supported":["code","token","id_token","id_token token","code id_token","code token","code id_token token"]

但是,当我向服务发送请求时,url中的responseType = id_token,我收到错误消息:

授权服务器不支持请求的响应类型。

我已经尝试了其他responseType值,但仍然收到此错误消息。

我基本上是网络安全和IdentityServer的初学者,所以我确信我遗漏了一些非常基本的东西。

2 个答案:

答案 0 :(得分:1)

这非常愚蠢。我在IdentityServer上看到的所有在线示例都将参数显示为responseTypes(camel case)。我认为这些示例必须全部针对较旧版本的平台完成。

要发送的正确参数名称是response_types。

答案 1 :(得分:1)

以下网站列出了可以发送到授权终端的可能参数列表:

正确的参数是“ response_type ”而不是“ response_types ”:)