我正在使用的 Identity Server 4 解决方案采用 EF Identity 数据库,并使用迁移程序集来管理客户端、API 和身份资源信息。不知出于什么原因,持久化授权(persisted grant)信息没有保存到持久化授权表中。请在下面查看启动文件,以及我最近一次测试的日志文件链接。
Identity Server启动:
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using AuthServer.Data;
using AuthServer.Models;
using AuthServer.Services;
using System.Reflection;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Extensions.Logging;
namespace AuthServer
{
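/// <summary>
/// ASP.NET Core startup class for the AuthServer host. Registers ASP.NET Identity,
/// IdentityServer (with EF-backed configuration and operational stores) and the Google
/// external login, then builds the HTTP request pipeline.
/// </summary>
public class Startup
{
    #region "Startup"
    /// <summary>Keeps the configuration object supplied by the host.</summary>
    /// <param name="configuration">Application configuration.</param>
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    /// <summary>Application configuration (connection strings, logging section, provider credentials).</summary>
    public IConfiguration Configuration { get; }
    #endregion

    #region "ConfigureServices"
    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        // The same connection string backs the ASP.NET Identity context and both
        // IdentityServer stores; the migrations for those stores live in this assembly.
        string connectionString = Configuration.GetConnectionString("DefaultConnection");
        var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name;

        services.AddDbContext<ApplicationDbContext>(options =>
            options.UseSqlServer(connectionString));

        services.AddIdentity<ApplicationUser, IdentityRole>()
            .AddEntityFrameworkStores<ApplicationDbContext>()
            .AddDefaultTokenProviders();

        // Add application services.
        services.AddTransient<IEmailSender, EmailSender>();
        services.AddMvc();

        // Configure IdentityServer with ASP.NET Identity users and EF-backed stores.
        services.AddIdentityServer()
            // Development-only signing key. A deployed instance needs a persistent,
            // protected signing credential instead.
            .AddDeveloperSigningCredential()
            .AddAspNetIdentity<ApplicationUser>()
            // this adds the config data from DB (clients, resources)
            .AddConfigurationStore(options =>
            {
                options.ConfigureDbContext = builder =>
                    builder.UseSqlServer(connectionString,
                        sql => sql.MigrationsAssembly(migrationsAssembly));
            })
            // this adds the operational data from DB (codes, tokens, consents).
            // Per the IdentityServer documentation, only authorization grants, consents,
            // refresh tokens and reference tokens are persisted here; self-contained
            // access tokens never produce a row in the persisted-grant table.
            .AddOperationalStore(options =>
            {
                options.ConfigureDbContext = builder =>
                    builder.UseSqlServer(connectionString,
                        sql => sql.MigrationsAssembly(migrationsAssembly));

                // this enables automatic token cleanup. this is optional.
                options.EnableTokenCleanup = true;
                // interval in seconds. 15 seconds is a debugging value; use a much
                // longer interval outside of debugging.
                options.TokenCleanupInterval = 15;
            });

        services.AddAuthentication()
            .AddGoogle("Google", options =>
            {
                // OAuth client credentials are read from configuration (user secrets,
                // environment variables or a secret store) instead of being compiled
                // into the assembly and committed to source control. A client secret
                // that has ever been committed or published must be treated as exposed
                // and rotated at the provider.
                options.ClientId = Configuration["Authentication:Google:ClientId"];
                options.ClientSecret = Configuration["Authentication:Google:ClientSecret"];
            });
    }
    #endregion

    #region "Configure"
    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        loggerFactory.AddConsole(Configuration.GetSection("Logging"));
        loggerFactory.AddDebug();

        if (env.IsDevelopment())
        {
            // Detailed exception and database error pages expose internals, so they
            // are enabled for the Development environment only.
            app.UseDeveloperExceptionPage();
            app.UseBrowserLink();
            app.UseDatabaseErrorPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
        }

        app.UseStaticFiles();

        // app.UseAuthentication(); // not needed, since UseIdentityServer adds the authentication middleware
        app.UseIdentityServer();

        app.UseMvc(routes =>
        {
            routes.MapRoute(
                name: "default",
                template: "{controller=Home}/{action=Index}/{id?}");
        });
    }
    #endregion
}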
}
Identity Server日志文件: https://github.com/gotnetdude/AuthServerWithAngularClient/blob/master/AuthServer/AuthServer_log.txt
Identity Server(AuthServer)源代码: https://github.com/gotnetdude/AuthServerWithAngularClient/tree/master/AuthServer
感谢您的帮助......保罗
答案 0 :(得分:2)
据我所见,你使用的是采用隐式流(Implicit flow)的 Angular 客户端(如果我说错了,请纠正我)。这里的关键在于流程类型——Implicit。
你在 PersistedGrants 表中看到的内容,最常见的是刷新令牌(refresh token)。但是,使用 Implicit 流时不会签发 refresh token。
这很可能是您在日志文件中看到所有这些行的原因。
不过,这不必让你担心——SPA 还有其他方法来刷新 access_token,可以查看 this、this 和 this(如果你还没有使用其中任何一种方法)。
希望这有帮助
答案 1 :(得分:2)
自包含访问令牌不会保存在PersistedGrantStore中。
文档中有如下说明:
访问令牌有两种形式——自包含(self-contained)令牌或引用(reference)令牌。
http://docs.identityserver.io/en/latest/topics/reference_tokens.html
如果希望从 EF 支持的数据库(...)加载授权许可(authorization grant)、同意(consent)和令牌(刷新令牌和引用令牌),则可以使用操作存储(operational store)。
也许不是很清楚,但这里没有提到自包含的访问令牌。