IdentityServer3 PostMan invalid_client

Time: 2016-09-16 21:40:36

Tags: c# oauth-2.0 identityserver3

I have set up an instance running IdentityServer3 in IIS.

        var validators = new List<Registration<ISecretValidator>>
        {
            new Registration<ISecretValidator, HashedSharedSecretValidator>(),
            new Registration<ISecretValidator, X509CertificateThumbprintSecretValidator>()
        };

        // .Register() is an extension method that sets up the
        // IdentityServerServiceFactory
        var factory = new EntityFrameworkServiceOptions()
                    .Register()
                    .UseInMemoryUsers(Users.Get());
        factory.SecretValidators = validators;

        app.Map($"/{IdentityServer.Path}", server =>
        {
            server.UseIdentityServer(new IdentityServerOptions()
            {
                RequireSsl = false,
                SiteName = siteName,
                SigningCertificate = Certificate.Load(),
                Factory = factory,

                // Currently does nothing. There are no plugins.
                PluginConfiguration = ConfigurePlugins,
                AuthenticationOptions = new AuthenticationOptions()
                {
                    EnablePostSignOutAutoRedirect = true,

                    // Currently does nothing. There are no IdentityProviders setup
                    IdentityProviders = ConfigureIdentityProviders
                }
            });
        });

I have set up a client for the Client Credentials Flow in the EF database. So there is a client in the Client table, I have given that client access to a scope in the ClientScopes table, and I have given the client a secret in the ClientSecrets table.

The relevant values stored in the database are (anything not listed is the IdentityServer3 default):

ClientId = 'client'
Flow = 'ClientCredentials [3]'
ClientScope = 'api'
ClientSecret = 'secret'.Sha256()

I am trying to get a new token from Postman using the "Get New Access Token" dialog.

IdentityServer is running on a test server, which is why I have not selected "Request access token locally".

When I click "Request Token", I get the following error:

2016-09-16 16:18:28.470 -05:00 [Debug] Start client validation
2016-09-16 16:18:28.470 -05:00 [Debug] Start parsing Basic Authentication secret
2016-09-16 16:18:28.470 -05:00 [Debug] Parser found secret: "BasicAuthenticationSecretParser"
w3wp.exe Information: 0 : 2016-09-16 16:18:28.470 -05:00 [Information] Secret id found: "client"
2016-09-16 16:18:28.470 -05:00 [Debug] No matching hashed secret found.
w3wp.exe Information: 0 : 2016-09-16 16:18:28.470 -05:00 [Information] Secret validators could not validate secret
w3wp.exe Information: 0 : 2016-09-16 16:18:28.470 -05:00 [Information] Client validation failed.
w3wp.exe Information: 0 : 2016-09-16 16:18:28.470 -05:00 [Information] End token request
w3wp.exe Information: 0 : 2016-09-16 16:18:28.470 -05:00 [Information] Returning error: invalid_client

I am not sure why the validator cannot validate the secret. It is saved in the database as Sha256, and IdentityServer can parse and validate Sha256.

Update: I got it working by doing a POST from Postman and filling in the corresponding x-www-form-urlencoded fields, but I still have not figured out how to make it work with the Authorization tab and the "Get New Access Token" feature. Can Postman be used to get an access token from IdentityServer3?

2 answers:

Answer 0 (score: 2)

Postman's built-in OAuth2 token support works fine. You can use a client. Both the Client Credentials and Authorization Code grant types work fine - if you set up the Authorization Code type as shown below, you even get a popup that lets you enter a username and password. Here is the client entry I use for the Authorization Code flow:

new Client
{
    ClientId = "postmantestclient",
    ClientName = "Postman http test client",
    Flow = Flows.AuthorizationCode,
    AllowAccessToAllScopes = true,
    IdentityTokenLifetime = 60 * 60 * 24,
    AccessTokenLifetime = 60 * 60 * 24,
    RequireConsent = false,
    ClientSecrets = new List<Secret>
    {
        new Secret("PostmanSecret".Sha256())
    },
    RedirectUris = new List<string>()
    {
        "https://www.getpostman.com/oauth2/callback"
    }
}

Here is how I set up the Postman request:

Get New Access Token Popup in Postman Desktop

Note the URLs in the dialog. The system is not very forgiving, and if you get a URL wrong you will probably see a completely bogus CORS error when making the request.

Answer 1 (score: 1)

I have used it, but not with Postman's "Get New Access Token" feature. I could not figure out why that does not work :p I simply POST to the token URL, which gives me an access token that I can then use in subsequent service calls.

using System;
using System.IO;
using System.Security.Permissions;
using System.Web;

public static class ViewWatcher
{
    public static string data = null;
    [PermissionSet(SecurityAction.Demand, Name = "FullTrust")]
    public static string Run()
    {
        try
        {
            // Create a new FileSystemWatcher and set its properties.
            FileSystemWatcher watcher = new FileSystemWatcher();
            //watcher.Path = System.IO.Directory.GetCurrentDirectory();
            watcher.Path = Path.Combine(HttpRuntime.AppDomainAppPath, "view");
            /* Watch for changes in LastAccess and LastWrite times, and
               the renaming of files or directories. */
            watcher.NotifyFilter = NotifyFilters.LastWrite
               | NotifyFilters.FileName | NotifyFilters.DirectoryName;
            watcher.Filter = "info.txt";

            // Add event handlers.
            watcher.Changed += new FileSystemEventHandler(OnChanged);

            // Begin watching.
            watcher.EnableRaisingEvents = true;
        }
        catch (Exception ex)
        {
            Console.Write(ex.ToString());
        }
        return data;
    }

    // FileManager is the poster's own helper class and is not shown here.
    private static void OnChanged(object source, FileSystemEventArgs e)
    {
        data = FileManager.Read();
    }
}

Then use it in your service calls by adding the following to the headers:

Authorization: Bearer [access_token]
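An added example, not code from the question or either answer, covering both the asker's update (the POST that works) and the token POST this answer describes: it computes the hash the same way IdentityServer3's Sha256() string extension does (SHA-256 over the UTF-8 bytes, Base64-encoded) so the value stored in ClientSecrets can be compared against it, and requests a client_credentials token both the way Postman's "Get New Access Token" does (client id and secret as HTTP Basic credentials, which is the BasicAuthenticationSecretParser path in the log) and with the credentials in the form body. The endpoint URL is an assumption; IdentityServer3 serves the token endpoint at /connect/token under whatever path the server is mapped to.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;

public static class TokenRequestSample
{
    // Same transformation as IdentityServer3's "secret".Sha256() extension:
    // SHA-256 of the UTF-8 bytes, then Base64. Compare the result with the
    // ClientSecrets row; if they differ, HashedSharedSecretValidator will log
    // "No matching hashed secret found" exactly as in the question.
    public static string Sha256Base64(string input)
    {
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(input)));
    }

    // useBasicAuth = true mirrors Postman's dialog (Authorization: Basic header);
    // useBasicAuth = false sends client_id/client_secret in the form body.
    public static async Task<string> RequestTokenAsync(string tokenEndpoint, string clientId,
        string clientSecret, string scope, bool useBasicAuth)
    {
        using (var http = new HttpClient())
        {
            var form = new Dictionary<string, string>
            {
                ["grant_type"] = "client_credentials",
                ["scope"] = scope
            };
            if (useBasicAuth)
            {
                var raw = Encoding.UTF8.GetBytes(clientId + ":" + clientSecret);
                http.DefaultRequestHeaders.Authorization =
                    new AuthenticationHeaderValue("Basic", Convert.ToBase64String(raw));
            }
            else
            {
                form["client_id"] = clientId;
                form["client_secret"] = clientSecret;
            }
            var response = await http.PostAsync(tokenEndpoint, new FormUrlEncodedContent(form));
            // On failure IdentityServer3 answers 400 with a JSON body such as {"error":"invalid_client"}.
            return (int)response.StatusCode + " " + await response.Content.ReadAsStringAsync();
        }
    }

    public static void Main()
    {
        // Placeholder: replace with the real host and the value of IdentityServer.Path.
        const string endpoint = "http://localhost/<IdentityServer.Path>/connect/token";
        Console.WriteLine("Expected ClientSecrets value: " + Sha256Base64("secret"));
        Console.WriteLine(RequestTokenAsync(endpoint, "client", "secret", "api", true).GetAwaiter().GetResult());
        Console.WriteLine(RequestTokenAsync(endpoint, "client", "secret", "api", false).GetAwaiter().GetResult());
    }
}
```

If the Basic variant fails with invalid_client while the form-body variant succeeds, the client row itself is fine and the difference lies in what the Postman dialog sends in the header.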