IdentityServer4隐式GrantType会抛出Unauthorized_Client错误

时间:2018-01-10 07:32:20

标签: oauth-2.0 identityserver4

当我运行我的项目并尝试登录以获取访问令牌时,我在浏览器上或使用Postman进行测试时出现Unauthorized_Client错误。我是IdentityServer的新手。这是我的配置:

Config.cs 

public static IEnumerable<IdentityResource> GetIdentityResources()
{
    return new List<IdentityResource>
        {
            new IdentityResources.OpenId(),
            new IdentityResources.Profile(),
            new IdentityResources.Email(),

            // custom identity resource with some consolidated claims
            new IdentityResource("custom.profile", new[] { JwtClaimTypes.Name, JwtClaimTypes.Email, "location" })
        };
}

public static IEnumerable<ApiResource> GetApiResources()
{
    return new List<ApiResource>
        {
            //new ApiResource("NuB.hAPI", "Hospital API")

            new ApiResource
            {
                Name = "NuB.HospitalSearch",
                ApiSecrets = { new Secret("F621F470-9731-4A25-80EF-67A6F7C5F4B8".Sha256()) },
                UserClaims =
                {
                    JwtClaimTypes.Name,
                    JwtClaimTypes.Email,
                    JwtClaimTypes.PhoneNumber,
                    JwtClaimTypes.Gender,
                    "NuB.HospitalSearch"
                },
                Scopes =
                {
                    new Scope
                    {
                        Name = "NuB.HospitalSearch",
                        DisplayName = "Full access to Hospital Search App"
                    },
                    new Scope
                    {
                        Name = "openid",
                        DisplayName = "Read only access to Hospital Search App"
                    }
                }
            }
        };
}

// clients want to access resources (aka scopes)
public static IEnumerable<Client> GetClients()
{
    // client credentials client
    return new List<Client>
        {
            new Client
            {
                ClientId = "mvcWeb",
                ClientName = "MVC Web Client",
                AllowedGrantTypes = GrantTypes.Implicit,
                AccessTokenType = AccessTokenType.Jwt,
                RequireConsent = true,

                ClientSecrets = 
                {
                    new Secret("secret".Sha256())
                },

                RedirectUris = { "http://localhost:5002/signin-oidc" },
                PostLogoutRedirectUris = { "http://localhost:5002/signout-callback-oidc" },

                AllowedScopes =
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile,
                    "NuB.HospitalSearch"
                },
                AllowOfflineAccess = true
            }
        };
}

我正在使用带有IdentityServer4的EntityFrameworkCore的ASP.NET身份来执行此操作。这可能是一个简单的问题,但请指出正确的方向。

1 个答案:

答案 0 :(得分:0)

Unauthorized_Client means that your client is trying to authencate to the Ids with a client that does not exist. You apear to have created a client called mvcWeb

That means that your client will need to use a client id of mvcWeb your client code should probably look something like this. Note options.ClientId = "mvcWeb";

.AddOpenIdConnect("oidc", options =>
            {
                options.SignInScheme = "Cookies";
                options.Authority =  settingsSetup.Authority;
                options.RequireHttpsMetadata = false;

                options.ClientId = "mvcWeb";
                options.ClientSecret = "secret";
                options.ResponseType = oidcConstants.ResponseTypes.CodeIdTokenToken;                    
                options.Scope.Add("openid");

                options.Scope.Add("profile");

            });
相关问题
最新问题