Question

我想从我的React App（在http://localhost:3000上运行）调用IdentityServer 4的Token Endpoint。所以我在做一些登录方法：

login = () => {
    const userdata = {
      username: 'admin',
      password: 'admin',
    };
    const dataForBody = `${'client_id=js&'}${'grant_type=password&' +
        'username='}${encodeURI(userdata.username)}&` +
        `password=${encodeURI(userdata.password)}&` +
        `scope=${encodeURI('api1')}`;

    const messageHeaders = {
      'Content-Type': 'application/x-www-form-urlencoded',
    };

    axios({
      method: 'post',
      url: 'http://localhost:5000/connect/token',
      headers: messageHeaders,
      data: dataForBody,
    })
      .then((response) => {
        console.log(response);
      });
  }

现在我收到以下回复：

{"error":"unauthorized_client"}

我的IdSrv设置类似于js应用程序示例。

config.cs

namespace QuickstartIdentityServer
{
    public class Config
    {
        // scopes define the API resources in your system
        public static IEnumerable<ApiResource> GetApiResources()
        {
            return new List<ApiResource>
            {
                new ApiResource("api1", "My API")
            };
        }

        // client want to access resources (aka scopes)
        public static IEnumerable<Client> GetClients()
        {
            return new List<Client>
            {
                 new Client
                {
                    ClientId = "js",
                    ClientName = "JavaScript Client",
                    AllowedGrantTypes = GrantTypes.Implicit,
                    AllowAccessTokensViaBrowser = true,

                    RedirectUris =           { "http://localhost:3000/login" },
                    AllowedCorsOrigins =     { "http://localhost:3000" },

                    AllowedScopes =
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        "api1"
                    }
                }
            };
        }

        public static List<TestUser> GetUsers()
        {

            return new List<TestUser> {
                new TestUser {
                    SubjectId = "1", Username = "admin", Password = "admin"
                },
             };

        }

    }
}

startup.cs

namespace QuickstartIdentityServer
{
    public class Startup
    {
        public void ConfigureServices(IServiceCollection services)
        {
            // configure identity server with in-memory stores, keys, clients and scopes
            services.AddIdentityServer()
                .AddTemporarySigningCredential()
                .AddInMemoryApiResources(Config.GetApiResources())
                .AddInMemoryClients(Config.GetClients())
                .AddTestUsers(Config.GetUsers());
        }

        public void Configure(IApplicationBuilder app, ILoggerFactory loggerFactory)
        {
            loggerFactory.AddConsole(LogLevel.Debug);
            app.UseDeveloperExceptionPage();

            app.UseIdentityServer();
        }
    }
}

我错过了什么吗？

Answer 1

问题在于客户端定义：

AllowedGrantTypes = GrantTypes.Implicit,

不正确。我们必须使用：

AllowedGrantTypes = ResourceOwnerPassword

Answer 2

跳出来的直接问题是您尝试通过将用户名和密码作为URL参数进行身份验证来使用令牌服务进行身份验证。客户端的用户名和密码应使用标准的基本授权标头传递：

Authorization: Basic Base64Encode(myusername:mypassword)

对于这个例子，最终看起来像这样：

Authorization: Basic bXl1c2VybmFtZTpteXBhc3N3b3Jk

调用Identity Server Token EndPoint

2 个答案: