I'm trying to log in with IdentityServer3 (self-hosted) using the hybrid flow, but when the browser tries to connect to http://localhost:44333/core/connect/token I get a 400 Bad Request with a response message like {"error":"invalid_client"}. The request headers contain the cookie returned from IdentityServer, and the request payload consists of access_token, redirectUri, session_state and token_type. The server log looks like this:
[14:23:20 INF] Creating Hybrid Flow response.
[14:23:20 INF] Creating Implicit Flow response.
[14:23:20 DBG] Creating access token
[14:23:20 DBG] Creating JWT access token
[14:23:20 DBG] Creating identity token
[14:23:20 INF] Getting claims for identity token for subject: Petter
[14:23:20 DBG] Creating JWT identity token
[14:23:20 DBG] Adding client nettweb to client list cookie for subject Petter
[14:23:20 INF] Redirecting to: http://localhost:9000
[14:23:20 INF] CORS request made for path: /connect/token from origin: http://localhost:9000
[14:23:20 INF] Client list checked and origin: http://localhost:9000 is allowed
[14:23:20 INF] CorsPolicyService allowed origin
[14:23:20 INF] Start token request
[14:23:20 DBG] Start client validation
[14:23:20 DBG] Start parsing Basic Authentication secret
[14:23:20 DBG] Start parsing for secret in post body
[14:23:20 DBG] No secret in post body found
[14:23:20 DBG] Start parsing for X.509 certificate
[14:23:20 DBG] client_id is not found in post body
[14:23:20 INF] Parser found no secret
[14:23:20 INF] No client secret found
[14:23:20 INF] End token request
[14:23:20 INF] Returning error: invalid_client
Decoding the access token in jwt.io shows that client_id is indeed part of the payload, so I'm a bit at a loss as to why IdSrvr is complaining.
The client is configured as:
// aurelia-authentication configuration for the IdentityServer3 provider
var config = {
    endpoint: 'auth',
    configureEndpoints: ['auth'],
    baseUrl: 'connect/token',
    token_name: 'id_token',
    profileUrl: '/connect/userinfo',
    unlinkUrl: '/connect/endsession',
    logoutRedirect: '/',
    loginRedirect: '#/',
    providers: {
        identityServer: {
            name: 'Test IdP',
            authorizationEndpoint: 'http://localhost:44333/core/connect/authorize',
            logoutEndpoint: 'http://localhost:44333/core/connect/logout',
            redirectUri: window.location.origin || window.location.protocol + '//' + window.location.host,
            scope: ['openid', 'profile', 'roles', 'resourceaccess'],
            responseType: 'code id_token token',
            scopePrefix: '',
            scopeDelimiter: ' ',
            requiredUrlParams: ['scope', 'nonce', 'resource'],
            optionalUrlParams: ['display'],
            state: 'session_state',
            oauthType: '2.0',
            // client credentials embedded in the browser-side config
            clientId: 'testclient',
            clientSecret: 'gsQSM334plJvWpiqKXJvhWcTXsL4Dp7dWIUzcFhappM=',
            flow: 'hybrid',
            // per-request nonce sent with the authorize request
            nonce: function() {
                var val = ((Date.now() + Math.random()) * Math.random()).toString().replace(".", "");
                return encodeURIComponent(val);
            },
            popupOptions: {width: 452, height: 633},
        }
    }
};
export default config;
where 'auth' refers to http://localhost:44333/core/
(client-side JS library used: aurelia-authentication)
TIA