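I'm trying to work things out by learning IdentityServer so that I can implement single sign-on at my workplace. I have a POC service running locally, and when I request the configuration, this is the configuration that is displayed: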
{"issuer":"https://localhost:44345/core","jwks_uri":"https://localhost:44345/core/.well-known/jwks","authorization_endpoint":"https://localhost:44345/core/connect/authorize","token_endpoint":"https://localhost:44345/core/connect/token","userinfo_endpoint":"https://localhost:44345/core/connect/userinfo","end_session_endpoint":"https://localhost:44345/core/connect/endsession","check_session_iframe":"https://localhost:44345/core/connect/checksession","revocation_endpoint":"https://localhost:44345/core/connect/revocation","introspection_endpoint":"https://localhost:44345/core/connect/introspect","frontchannel_logout_supported":true,"frontchannel_logout_session_supported":true,"scopes_supported":["openid","profile","email","roles","offline_access"],"claims_supported":["sub","name","family_name","given_name","middle_name","nickname","preferred_username","profile","picture","website","gender","birthdate","zoneinfo","locale","updated_at","email","email_verified","role"],"response_types_supported":["code","token","id_token","id_token token","code id_token","code token","code id_token token"],"response_modes_supported":["form_post","query","fragment"],"grant_types_supported":["authorization_code","client_credentials","password","refresh_token","implicit"],"subject_types_supported":["public"],"id_token_signing_alg_values_supported":["RS256"],"code_challenge_methods_supported":["plain","S256"],"token_endpoint_auth_methods_supported":["client_secret_post","client_secret_basic"]}
As part of that, you can see:
"response_types_supported":["code","token","id_token","id_token token","code id_token","code token","code id_token token"]
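However, when I send a request to the service with responseType = id_token in the URL, I get the error message:
The authorization server does not support the requested response type.
I have tried other responseType values, but I still get this error message.
I'm basically a beginner with web security and IdentityServer, so I'm sure I'm missing something very basic.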
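Answer 0: (score: 1)
This was really silly. All the online examples I have seen for IdentityServer show the parameter as responseTypes (camel case). I think those examples must all have been written for older versions of the platform.
The correct parameter name to send is response_types.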
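Answer 1: (score: 1)
The following site lists the possible parameters that can be sent to the authorization endpoint:
The correct parameter is "response_type" and not "response_types" :)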
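The parameter-name mix-up discussed in this thread can be caught before a request is sent. The following is an added example, not code from the original posts or from IdentityServer: it builds the authorization request with the snake_case names from the OpenID Connect specification and flags near-miss names such as `responseType` or `response_types`. The function names, the client id `poc-client` and the callback URL are assumptions made up for the illustration.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed excerpt of the discovery document shown in the question.
DISCOVERY = {
    "authorization_endpoint": "https://localhost:44345/core/connect/authorize",
    "response_types_supported": ["code", "token", "id_token", "id_token token",
                                 "code id_token", "code token", "code id_token token"],
}
REQUIRED = ("response_type", "client_id", "redirect_uri", "scope")  # OIDC Core 3.1.2.1


def _canon(name):
    """Fold case and underscores so 'responseType' compares equal to 'response_type'."""
    return name.replace("_", "").lower()


def build_authorize_url(discovery, client_id, redirect_uri, response_type, scope, state, nonce):
    """Build an authorization request using the spec's snake_case parameter names."""
    supported = {frozenset(v.split()) for v in discovery["response_types_supported"]}
    if frozenset(response_type.split()) not in supported:  # value order is not significant
        raise ValueError(f"response_type {response_type!r} is not advertised by the server")
    params = {"response_type": response_type, "client_id": client_id,
              "redirect_uri": redirect_uri, "scope": scope, "state": state, "nonce": nonce}
    return discovery["authorization_endpoint"] + "?" + urlencode(params)


def diagnose(url):
    """List required parameters that are missing, with any near-miss name sent instead."""
    sent = parse_qs(urlsplit(url).query, keep_blank_values=True)
    problems = []
    for name in REQUIRED:
        if name in sent:
            continue
        near = [k for k in sent if _canon(k) in (_canon(name), _canon(name) + "s")]
        hint = f" (found {near[0]!r} instead)" if near else ""
        problems.append(f"missing {name}{hint}")
    return problems


if __name__ == "__main__":
    # Hypothetical client id and callback URL, constructed for this example.
    good = build_authorize_url(DISCOVERY, "poc-client", "https://localhost:44300/callback",
                               "id_token", "openid profile", "state-1", "nonce-1")
    print(good, diagnose(good))
    print(diagnose(DISCOVERY["authorization_endpoint"] + "?responseType=id_token&scope=openid"))
```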