Invalid flow for client: Implicit. IdentityServer authorization

Time: 2017-10-02 03:50:41

Tags: php identityserver3

I am trying to authorize an application with Identity Server, but when I try to log in it says The client application is not known or is not authorized. I am trying to authorize using this endpoint and these credentials, with a function that returns the string used for the redirect.

function create_login_url() {
    // Builds the authorize request URL; the values are sent as a query string
    // (quotes added around the scope and response_type literals, and the
    // parameter name "reponse_type" corrected to "response_type")
    return "indentiy-dev12:8443/connect/authorize?"
        . "client_id=" . "MyClient" . "&"
        . "scope=" . urlencode("openid profile read write email roles") . "&"
        . "redirect_uri=" . "http://localhost:8080/my-page/validate.php" . "&"
        . "response_mode=" . "form_post" . "&"
        . "state=" . time() . rand() . "&"
        . "nonce=" . rand() . time() . "&"
        . "response_type=" . urlencode("id_token token");
}

The client was created with the following information:

        {
            ClientName = "My Client",
            Enabled = true,
            ClientId = "MyClient",
            ClientSecrets = new List<ClientSecret>
            {
                new ClientSecret("MyClient".Sha256())
            },
            RedirectUris = new List<string>
            {
                "http://192.168.0.30/my-page/validate.php",
                "http://localhost:8080/my-page/validate.php",
            },

            PostLogoutRedirectUris = new List<string>
            {
               "http://192.168.0.30/my-page/validate.php",
               "http://localhost:8080/my-page/validate.php",
            },

            Flow = Flows.ResourceOwner
        }

This is what the log says:

w3wp.exe Information: 0 : [Thinktecture.IdentityServer.Core.Validation.AuthorizeRequestValidator]: 9/25/2017 5:35:14 PM +00:00 -- Start authorize request client validation
Debug: [Cache]: 9/25/2017 5:35:14 PM +00:00 -- Cache hit: MyClient
w3wp.exe Error: 0 : [Thinktecture.IdentityServer.Core.Validation.AuthorizeRequestValidator]: 9/25/2017 5:35:14 PM +00:00 -- Invalid flow for client: Implicit
 {
  "ClientId": "MyClient",
  "ClientName": "My Client",
  "RedirectUri": "http://localhost:8080/my-page/validate.php",
  "AllowedRedirectUris": [
    "http://192.168.0.30/my-page/validate.php",
    "http://localhost:8080/my-page/validate.php"
  ],
  "SubjectId": "user.fabio",
  "ResponseType": "id_token token",
  "ResponseMode": "form_post",
  "Flow": "Implicit",
  "RequestedScopes": "openid profile read write email roles",
  "State": "15063609141165646676",
  "Nonce": "15954663491506360914",
  "SessionId": "33e89e5746b59e895c5d6edf6b5220b4",
  "Raw": {
    "client_id": "MyClient",
    "scope": "openid profile read write email roles",
    "redirect_uri": "http://localhost:8080/my-page/validate.php",
    "response_mode": "form_post",
    "state": "15063609141165646676",
    "nonce": "15954663491506360914",
    "response_type": "id_token token"
  }
}
w3wp.exe Information: 0 : [Events]: 9/25/2017 5:35:14 PM +00:00 -- {
  "Category": "Endpoints",
  "Name": "Endpoint failure",
  "EventType": "Failure",
  "Id": 3001,
  "Message": "unauthorized_client",
  "Details": {
    "EndpointName": "authorize"
  },
  "Context": {
    "ActivityId": "c30c1550-4cf7-4527-8d09-b42e2557ffaa",
    "TimeStamp": "2017-09-25T17:35:14.1943477+00:00",
    "ProcessId": 696,
    "MachineName": "machine-name",
    "RemoteIpAddress": "192.168.70.28",
    "SubjectId": "user.fabio"
  }
}
w3wp.exe Information: 0 : [Thinktecture.IdentityServer.Core.Endpoints.AuthorizeEndpointController]: 9/25/2017 5:35:14 PM +00:00 -- End authorize request
w3wp.exe Warning: 0 : [Thinktecture.IdentityServer.Core.Configuration.IdentityServerServiceFactory]: 9/25/2017 6:33:38 PM +00:00 -- AuthorizationCodeStore not configured - falling back to InMemory
w3wp.exe Warning: 0 : [Thinktecture.IdentityServer.Core.Configuration.IdentityServerServiceFactory]: 9/25/2017 6:33:38 PM +00:00 -- TokenHandleStore not configured - falling back to InMemory
w3wp.exe Warning: 0 : [Thinktecture.IdentityServer.Core.Configuration.IdentityServerServiceFactory]: 9/25/2017 6:33:38 PM +00:00 -- ConsentStore not configured - falling back to InMemory
w3wp.exe Warning: 0 : [Thinktecture.IdentityServer.Core.Configuration.IdentityServerServiceFactory]: 9/25/2017 6:33:38 PM +00:00 -- RefreshTokenStore not configured - falling back to InMemory
w3wp.exe Information: 0 : [Events]: 9/25/2017 6:33:39 PM +00:00 -- {
  "Category": "Information",
  "Name": "Signing certificate validation success",
  "EventType": "Information",
  "Id": 4012,
  "Details": {
    "SigningCertificateName": "CN=idsrv3test",
    "SigningCertificateExpiration": "2020-01-20T16:00:00-06:00"
  },
  "Context": {
    "TimeStamp": "2017-09-25T18:33:39.0033098+00:00",
    "ProcessId": 8468,
    "MachineName": "machine-name"
  }
}

The server I am trying to log in to is not on my machine. There is another client that can log in successfully.

1 answer:

Answer 0: (score: 0)

Your login request asks for an identity token and an access token. That translates to the implicit grant type.

However, your client entry is configured for the ROPC grant type. ROPC is not real authentication, nor is it OpenID Connect, so you cannot obtain an identity token with it. That is why you get the error message from IdentityServer.

You need to change the client's flow to Flows.Implicit

P.S. You seem to be using a very old version of IdentityServer. They dropped the Thinktecture prefix years ago. You might want to look into that.
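As an added example (not code from the question or the answer), here is what the implicit-flow request the question is building, and the validate.php side that receives the form_post, look like once the client entry is switched to Flows.Implicit. The client_id, scopes, redirect_uri and response_mode are the ones from the question; the authority URL with its https scheme, the session array, and the PEM public key taken from the server's signing certificate (the log names CN=idsrv3test) are assumptions.

```php
<?php
// Added example, not from the original question or answer. Assumptions:
// the authority URL below, a PHP session array passed in by reference, and
// the server signing certificate's public key in PEM form.
declare(strict_types=1);

const AUTHORITY    = 'https://identity-dev12:8443';               // assumed
const CLIENT_ID    = 'MyClient';
const REDIRECT_URI = 'http://localhost:8080/my-page/validate.php';

function base64url_encode(string $bytes): string
{
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

function base64url_decode(string $s): string
{
    $pad = str_repeat('=', (4 - strlen($s) % 4) % 4);
    return (string) base64_decode(strtr($s, '-_', '+/') . $pad, true);
}

// Build the authorize URL. state and nonce come from random_bytes() rather
// than time()/rand(), and are stored so the callback can bind the response
// to this browser session.
function create_login_url(array &$session): string
{
    $session['oidc_state'] = base64url_encode(random_bytes(32));
    $session['oidc_nonce'] = base64url_encode(random_bytes(32));

    $params = [
        'client_id'     => CLIENT_ID,
        'scope'         => 'openid profile read write email roles',
        'redirect_uri'  => REDIRECT_URI,
        'response_mode' => 'form_post',
        'response_type' => 'id_token token', // implicit: client needs Flow = Flows.Implicit
        'state'         => $session['oidc_state'],
        'nonce'         => $session['oidc_nonce'],
    ];
    return AUTHORITY . '/connect/authorize?' . http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

// Verify an RS256 id_token against the signing certificate's public key,
// then check iss, aud and exp before trusting any claim.
function verify_id_token(string $jwt, string $publicKeyPem): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new RuntimeException('malformed id_token');
    }
    [$h, $p, $s] = $parts;
    $header = json_decode(base64url_decode($h), true);
    if (!is_array($header) || ($header['alg'] ?? '') !== 'RS256') { // pin the algorithm
        throw new RuntimeException('unexpected id_token alg');
    }
    if (openssl_verify("$h.$p", base64url_decode($s), $publicKeyPem, OPENSSL_ALGO_SHA256) !== 1) {
        throw new RuntimeException('bad id_token signature');
    }
    $claims = json_decode(base64url_decode($p), true);
    if (!is_array($claims)
        || ($claims['iss'] ?? '') !== AUTHORITY
        || !in_array(CLIENT_ID, (array) ($claims['aud'] ?? []), true)
        || (int) ($claims['exp'] ?? 0) <= time()) {
        throw new RuntimeException('id_token iss/aud/exp check failed');
    }
    return $claims;
}

// validate.php: $post is $_POST from the form_post response.
function handle_callback(array $post, array &$session, string $publicKeyPem): array
{
    if (isset($post['error'])) {
        throw new RuntimeException('authorize error: ' . $post['error']);
    }
    $state = (string) ($session['oidc_state'] ?? '');
    $nonce = (string) ($session['oidc_nonce'] ?? '');
    unset($session['oidc_state'], $session['oidc_nonce']); // single use

    if ($state === '' || !hash_equals($state, (string) ($post['state'] ?? ''))) {
        throw new RuntimeException('state mismatch: response not bound to this session');
    }
    $claims = verify_id_token((string) ($post['id_token'] ?? ''), $publicKeyPem);
    if ($nonce === '' || !hash_equals($nonce, (string) ($claims['nonce'] ?? ''))) {
        throw new RuntimeException('nonce mismatch: possible id_token replay');
    }
    // With response_type "id_token token" the id_token carries at_hash, the
    // left 128 bits of SHA-256(access_token); use it to tie the two tokens.
    $accessToken = (string) ($post['access_token'] ?? '');
    $atHash = base64url_encode(substr(hash('sha256', $accessToken, true), 0, 16));
    if (!hash_equals($atHash, (string) ($claims['at_hash'] ?? ''))) {
        throw new RuntimeException('at_hash mismatch: access_token not issued with this id_token');
    }
    return $claims;
}
```

In the login page, call session_start() and then header('Location: ' . create_login_url($_SESSION)); in validate.php, call session_start() and $claims = handle_callback($_POST, $_SESSION, $pem). The state check is what stops a response being planted into a different browser session, the nonce check is what stops a captured id_token being replayed, and the at_hash check is what ties the access token to the id_token that was verified; none of these three is enforced by the server, so the PHP side has to do them.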
