I am trying to authorize an application with an identity server, but when I try to log in it says "The client application is not known or is not authorized". I am trying to authorize against this endpoint with these credentials, using a function that returns the string used for the redirect.
function create_login_url() {
    // Scheme added: the posted string had no "https://", so it would not be an absolute URL.
    // https is assumed from port 8443.
    return "https://indentiy-dev12:8443/connect/authorize?"
        . "client_id=" . urlencode("MyClient") . "&"
        . "scope=" . urlencode("openid profile read write email roles") . "&"   // was unquoted
        . "redirect_uri=" . urlencode("http://localhost:8080/my-page/validate.php") . "&"
        . "response_mode=" . "form_post" . "&"
        // time()/rand() are predictable; state and nonce should come from a CSPRNG
        // (e.g. bin2hex(random_bytes(16))) and be stored in the session for validate.php to compare.
        . "state=" . time() . rand() . "&"
        . "nonce=" . rand() . time() . "&"
        . "response_type=" . urlencode("id_token token");   // was misspelled "reponse_type"; string was unquoted
}
The client was created with the following information:
{
ClientName = "My Client",
Enabled = true,
ClientId = "MyClient",
ClientSecrets = new List<ClientSecret>
{
new ClientSecret("MyClient".Sha256())
},
RedirectUris = new List<string>
{
"http://192.168.0.30/my-page/validate.php",
"http://localhost:8080/my-page/validate.php",
},
PostLogoutRedirectUris = new List<string>
{
"http://192.168.0.30/my-page/validate.php",
"http://localhost:8080/my-page/validate.php",
},
Flow = Flows.ResourceOwner
}
This is what the log says:
w3wp.exe Information: 0 : [Thinktecture.IdentityServer.Core.Validation.AuthorizeRequestValidator]: 9/25/2017 5:35:14 PM +00:00 -- Start authorize request client validation
Debug: [Cache]: 9/25/2017 5:35:14 PM +00:00 -- Cache hit: MyClient
w3wp.exe Error: 0 : [Thinktecture.IdentityServer.Core.Validation.AuthorizeRequestValidator]: 9/25/2017 5:35:14 PM +00:00 -- Invalid flow for client: Implicit
{
"ClientId": "MyClient",
"ClientName": "My Client",
"RedirectUri": "http://localhost:8080/my-page/validate.php",
"AllowedRedirectUris": [
"http://192.168.0.30/my-page/validate.php",
"http://localhost:8080/my-page/validate.php"
],
"SubjectId": "user.fabio",
"ResponseType": "id_token token",
"ResponseMode": "form_post",
"Flow": "Implicit",
"RequestedScopes": "openid profile read write email roles",
"State": "15063609141165646676",
"Nonce": "15954663491506360914",
"SessionId": "33e89e5746b59e895c5d6edf6b5220b4",
"Raw": {
"client_id": "MyClient",
"scope": "openid profile read write email roles",
"redirect_uri": "http://localhost:8080/my-page/validate.php",
"response_mode": "form_post",
"state": "15063609141165646676",
"nonce": "15954663491506360914",
"response_type": "id_token token"
}
}
w3wp.exe Information: 0 : [Events]: 9/25/2017 5:35:14 PM +00:00 -- {
"Category": "Endpoints",
"Name": "Endpoint failure",
"EventType": "Failure",
"Id": 3001,
"Message": "unauthorized_client",
"Details": {
"EndpointName": "authorize"
},
"Context": {
"ActivityId": "c30c1550-4cf7-4527-8d09-b42e2557ffaa",
"TimeStamp": "2017-09-25T17:35:14.1943477+00:00",
"ProcessId": 696,
"MachineName": "machine-name",
"RemoteIpAddress": "192.168.70.28",
"SubjectId": "user.fabio"
}
}
w3wp.exe Information: 0 : [Thinktecture.IdentityServer.Core.Endpoints.AuthorizeEndpointController]: 9/25/2017 5:35:14 PM +00:00 -- End authorize request
w3wp.exe Warning: 0 : [Thinktecture.IdentityServer.Core.Configuration.IdentityServerServiceFactory]: 9/25/2017 6:33:38 PM +00:00 -- AuthorizationCodeStore not configured - falling back to InMemory
w3wp.exe Warning: 0 : [Thinktecture.IdentityServer.Core.Configuration.IdentityServerServiceFactory]: 9/25/2017 6:33:38 PM +00:00 -- TokenHandleStore not configured - falling back to InMemory
w3wp.exe Warning: 0 : [Thinktecture.IdentityServer.Core.Configuration.IdentityServerServiceFactory]: 9/25/2017 6:33:38 PM +00:00 -- ConsentStore not configured - falling back to InMemory
w3wp.exe Warning: 0 : [Thinktecture.IdentityServer.Core.Configuration.IdentityServerServiceFactory]: 9/25/2017 6:33:38 PM +00:00 -- RefreshTokenStore not configured - falling back to InMemory
w3wp.exe Information: 0 : [Events]: 9/25/2017 6:33:39 PM +00:00 -- {
"Category": "Information",
"Name": "Signing certificate validation success",
"EventType": "Information",
"Id": 4012,
"Details": {
"SigningCertificateName": "CN=idsrv3test",
"SigningCertificateExpiration": "2020-01-20T16:00:00-06:00"
},
"Context": {
"TimeStamp": "2017-09-25T18:33:39.0033098+00:00",
"ProcessId": 8468,
"MachineName": "machine-name"
}
}
The server I am trying to log in to is not on my machine. There is another client that can log in successfully.
Answer 0 (score: 0)
Your login request asks for both an identity token and an access token. That translates to the implicit grant type.
However, your client entry is configured for the ROPC grant type. ROPC is not really authentication and is not OpenID Connect, so you cannot obtain an identity token with it. That is why you are getting the error from IdentityServer.
You need to change the client's Flow to Flows.Implicit.
P.S. You appear to be using a very old version of IdentityServer. They dropped the Thinktecture prefix several years ago. You might want to look into that.
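The check behind "Invalid flow for client: Implicit", as an added example that is not IdentityServer's code and not part of the question or answer: a simplified Python model of what an OpenID Connect authorize endpoint validates before issuing tokens, run against the exact "Raw" request and the client from the log above. It derives the flow from response_type (the mapping is the standard OAuth 2.0 / OIDC one), compares it with the client's configured flow, and then applies the usual redirect_uri, scope and nonce checks. The allowed-scopes list on the client and the specific OAuth error codes returned are assumptions, since the posted configuration shows neither. It also shows the same request passing once Flow is Implicit, and failing differently when the response_type parameter arrives under a misspelled name.

```python
"""Simplified model of the checks an OpenID Connect authorize endpoint makes
before it will issue tokens. Constructed example, modelled on the request
and client configuration in the log above; it is not IdentityServer code."""
from dataclasses import dataclass, replace

# OAuth 2.0 / OpenID Connect response_type values and the flow each implies.
# Multi-value response types are space-separated and order-insensitive.
RESPONSE_TYPE_TO_FLOW = {
    frozenset({"code"}): "AuthorizationCode",
    frozenset({"token"}): "Implicit",
    frozenset({"id_token"}): "Implicit",
    frozenset({"id_token", "token"}): "Implicit",
    frozenset({"code", "id_token"}): "Hybrid",
    frozenset({"code", "token"}): "Hybrid",
    frozenset({"code", "id_token", "token"}): "Hybrid",
}


@dataclass(frozen=True)
class Client:
    client_id: str
    flow: str                   # "ResourceOwner", "Implicit", ...
    redirect_uris: tuple        # exact string match, no wildcards
    allowed_scopes: frozenset   # assumed; not shown in the posted config
    enabled: bool = True


def flow_for(response_type: str):
    """Map a response_type string to its flow, or None if it is not a known combination."""
    return RESPONSE_TYPE_TO_FLOW.get(frozenset(response_type.split()))


def validate_authorize_request(client: Client, params: dict):
    """Return (True, None) when the request is acceptable, else (False, oauth_error_code)."""
    if not client.enabled:
        return False, "unauthorized_client"
    response_type = params.get("response_type", "")
    if not response_type:
        # e.g. the parameter was sent under a misspelled name such as "reponse_type"
        return False, "invalid_request"
    flow = flow_for(response_type)
    if flow is None:
        return False, "unsupported_response_type"
    if flow != client.flow:
        # The branch the log shows: "Invalid flow for client: Implicit".
        # A ResourceOwner (password grant) client never goes through the authorize endpoint.
        return False, "unauthorized_client"
    if params.get("redirect_uri") not in client.redirect_uris:
        return False, "invalid_request"
    requested = set(params.get("scope", "").split())
    wants_id_token = "id_token" in response_type.split()
    if wants_id_token and "openid" not in requested:
        return False, "invalid_scope"
    if not requested <= client.allowed_scopes:
        return False, "invalid_scope"
    if wants_id_token and not params.get("nonce"):
        # OIDC requires a nonce whenever an id_token is returned from the authorize endpoint
        return False, "invalid_request"
    return True, None


# The request exactly as it appears under "Raw" in the log above.
REQUEST = {
    "client_id": "MyClient",
    "scope": "openid profile read write email roles",
    "redirect_uri": "http://localhost:8080/my-page/validate.php",
    "response_mode": "form_post",
    "state": "15063609141165646676",
    "nonce": "15954663491506360914",
    "response_type": "id_token token",
}

# The client as posted (Flow = ResourceOwner). allowed_scopes is an assumption.
ROPC_CLIENT = Client(
    client_id="MyClient",
    flow="ResourceOwner",
    redirect_uris=(
        "http://192.168.0.30/my-page/validate.php",
        "http://localhost:8080/my-page/validate.php",
    ),
    allowed_scopes=frozenset({"openid", "profile", "read", "write", "email", "roles"}),
)

# The same client after applying the answer: Flow = Implicit.
IMPLICIT_CLIENT = replace(ROPC_CLIENT, flow="Implicit")


if __name__ == "__main__":
    print("as posted:", validate_authorize_request(ROPC_CLIENT, REQUEST))
    print("after fix:", validate_authorize_request(IMPLICIT_CLIENT, REQUEST))
    # With the misspelled "reponse_type" key the server never sees a response_type at all.
    typo = {("reponse_type" if k == "response_type" else k): v for k, v in REQUEST.items()}
    print("typo:     ", validate_authorize_request(IMPLICIT_CLIENT, typo))
```

The point to take from running it: the error is decided entirely by the flow comparison, before redirect_uri or scopes are even looked at, which is why the log shows a cache hit for MyClient and a valid RedirectUri yet still ends in unauthorized_client.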