Question

我似乎无法理解为什么我会从identityserver获取unauthorized_client。我使用oidc-client和Angular 4 ui以及web.net的asp.net核心。我无法连接到身份服务器，因为每次返回我的客户端都是unauthorized_client。

这是注册客户：

new Client
{
    ClientId = "EStudent",
    ClientName = "EStudent",
    AllowedGrantTypes = GrantTypes.Implicit,
    RequireClientSecret = false,
    AllowAccessTokensViaBrowser = true,
    AllowedCorsOrigins = { "http://localhost:63150" },
    LogoutSessionRequired = false,
    RequireConsent = false,
    AllowedScopes = new List<string>
    {
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile,
        "UsersAPI",
    },
    AlwaysIncludeUserClaimsInIdToken = true,
    RedirectUris = {
        "http://localhost:63150/oauth.html"
    },
    PostLogoutRedirectUris = {
        "http://localhost:63150/",
        $"{this._baseAddress}/index.html"
    },
    AllowOfflineAccess = true,
}

这是Angular中的身份验证服务：

import { Injectable, EventEmitter } from '@angular/core';
import { Http, Headers, RequestOptions, Response } from '@angular/http';
import { Observable } from 'rxjs/Rx';

import { UserManager, User } from 'oidc-client';
import { environment } from '../../../environments/environment';

const settings: any = {
    authority: 'http://localhost:8200/oauth',
    client_id: 'EStudent',
    redirect_uri: 'http://localhost:63150/auth.html',
    post_logout_redirect_uri: 'http://localhost:63150/index.html',
    response_type: 'id_token token',
    scope: 'openid profile UsersAPI',

    silent_redirect_uri: 'http://localhost:63150/silent-renew.html',
    automaticSilentRenew: true,
    accessTokenExpiringNotificationTime: 4,
    // silentRequestTimeout:10000,

    filterProtocolClaims: true,
    loadUserInfo: true
};

@Injectable()
export class AuthService {
    mgr: UserManager = new UserManager(settings);
    userLoadededEvent: EventEmitter<User> = new EventEmitter<User>();
    currentUser: User;
    loggedIn = false;
    authHeaders: Headers;

    constructor(private http: Http) {
        this.mgr.getUser().then((user) => {
            if (user) {
                this.loggedIn = true;
                this.currentUser = user;
                this.userLoadededEvent.emit(user);
            } else {
                this.loggedIn = false;
            }
        }).catch((err) => {
            this.loggedIn = false;
        });

        this.mgr.events.addUserLoaded((user) => {
            this.currentUser = user;
            this.loggedIn = !(user === undefined);
            if (!environment.production) {
                console.log('authService addUserLoaded', user);
            }
        });

        this.mgr.events.addUserUnloaded((e) => {
            if (!environment.production) {
              console.log('user unloaded');
            }
            this.loggedIn = false;
        });
    }
}

最后我像这样调用身份服务器：

constructor(public oidcSecurityService: AuthService) { }

ngOnInit() {
    this.oidcSecurityService.mgr.signinRedirect();
}

发送的请求如下所示：http://localhost:8200/oauth/connect/authorize?client_id=EStudent&redirect_uri=http%3A%2F%2Flocalhost%3A63150%2Fauth.html&response_type=id_token%20token&scope=openid%20profile%20UsersAPI&state=91ea5de6886a49a997704bbdb4beda0c&nonce=295e6bf737274ea18ee2f575c93d150b

Answer 1

您的IdentityServer Client的{{1}}与请求中使用的redirectUri不匹配：

http://localhost:63150/oauth.html

在请求中，您使用：

http://localhost:63150/auth.html

请注意缺少o。

Identityserver隐式流未授权。客户端

1 个答案: