授权标题需要'凭据'参数

时间:2018-02-19 10:40:42

标签: identityserver4

我们将Identity Server4与.NET Core一起使用,并将该应用程序部署为AWS Serverless lambda函数。当调用令牌端点生成访问令牌时,我们收到以下错误消息:

{
"message": "Authorization header requires 'Credential' parameter. Authorization header requires 'Signature' parameter. Authorization header requires 'SignedHeaders' parameter. Authorization header requires existence of either a 'X-Amz-Date' or a 'Date' header. Authorization=Basic Y2xpZW50OnNlY3JldA=="

}

以下是Identity Server应用程序中的ConfigurationServices方法:

 public void ConfigureServices(IServiceCollection services)
    {
        services.AddSingleton<IConfiguration>(Configuration);

        //connection string
        string connectionString = Configuration.GetConnectionString("IdentityServer");

        var rsaProvider = new RSACryptoServiceProvider(2048);

        SecurityKey key = new RsaSecurityKey(rsaProvider);

        var credentials = new Microsoft.IdentityModel.Tokens.SigningCredentials
              (key, SecurityAlgorithms.RsaSha256Signature);


        var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name;

        services.AddIdentityServer()
           .AddSigningCredential(credentials)
            // this adds the config data from DB (clients, resources)
            .AddConfigurationStore(options =>
            {
                options.ConfigureDbContext = builder =>
                builder.UseSqlServer(connectionString,
                sql => sql.MigrationsAssembly(migrationsAssembly));
            }) // this adds the operational data from DB (codes, tokens, consents)
            .AddOperationalStore(options =>
            {
                options.ConfigureDbContext = builder =>
                builder.UseSqlServer(connectionString,
            sql => sql.MigrationsAssembly(migrationsAssembly));

                // this enables automatic token cleanup. this is optional.
                 options.EnableTokenCleanup = true;
                 options.TokenCleanupInterval = 30;
            });

        // Add S3 to the ASP.NET Core dependency injection framework.
        services.AddAWSService<Amazon.S3.IAmazonS3>();
    }

以下是我们的客户端应用程序,它调用身份服务器的令牌端点来生成令牌:

[HttpGet]
    public async Task<IActionResult> Get(string client, string secret)
    {

        IActionResult result = null;

        //discover endpoints from metadata

        //var disco = await DiscoveryClient.GetAsync("http://localhost:3000/");

        var disco = await DiscoveryClient.GetAsync("hide for security reasons/");

        if (disco.IsError)
        {
            result = NotFound(disco.Error);

            return result;
        }
        //request token

        var tokenClient = new TokenClient(disco.TokenEndpoint, client, secret);

        var tokenResponse = await tokenClient.RequestClientCredentialsAsync(scope: "sup");

        if (tokenResponse.IsError)
        {
            result = NotFound(tokenResponse.Error);
        }

        result = Ok(tokenResponse.Json);

        return result;
    }

2 个答案:

答案 0 :(得分:0)

以防万一有人进入这里,这是我发生的,因为我的URL路径中有一个错字

当我纠正错字时,一切都对我有用。

迷你上下文:我很困惑,因为我为我的API网关资源使用了Lambda授权者,而我什至看不到任何东西可以到达该Lambda的Cloudwatch日志。

答案 1 :(得分:0)

我在尝试-1端点(*)时遇到此错误:

all

问题是我传递了错误的凭据。

(*)旁注:我试图搜索AWS上托管的Elasticsearch集群。

相关问题
最新问题