Identity Server4连接/令牌端点提供400 Bad Request

时间:2018-02-26 07:02:38

标签: identityserver4

我们正在将EntityFrameworkCore与Identity Server4一起使用。初始设置后,身份服务器(localhost:6000/.well-known/openid-configuration)的发现端点工作正常。当我们尝试从邮递员调用connect/token端点时,它会给出400个错误的请求响应。这是我们的客户:

public static IEnumerable<Client> GetClients()
{
    return new List<Client>
    {
        new Client
        {
            ClientId = "client",

            // no interactive user, use the clientid/secret for authentication
            AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,

            // secret for authentication
            ClientSecrets =
            {
                new Secret("secret".Sha256())
            },

            // scopes that client has access to
            AllowedScopes = { ApiResourceName.Sup_Api.Description() }
        },
        new Client
        {
            ClientId = "client2",

            // no interactive user, use the clientid/secret for authentication
            AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,

            // secret for authentication
            ClientSecrets =
            {
                new Secret("secret".Sha256())
            },

            // scopes that client has access to
            AllowedScopes = { "sup"}
        }
    };
}

这是postman连接/令牌发布请求:

http://localhost:6000/connect/token
  ?client_id=client2
  &client_secret=secret
  &grant_type=client_credentials
  &scope=sup

响应:

{
    "error": "invalid_request"
}

3 个答案:

答案 0 :(得分:7)

您不通过查询字符串传递参数。它的意思是在身体中,使用内容类型application/x-www-form-urlencoded

请参阅:https://tools.ietf.org/html/rfc6749#section-4.1.3

答案 1 :(得分:0)

邮递员工作示例:

enter image description here

我不确定redirect_uri的值。但作为回应,我得到了:

  • id_token
  • access_token
  • refresh_token

和其他一些

答案 2 :(得分:0)

将其设为 HTTPPOST 请求,而不是浏览器的HTTPGET请求

相关问题
最新问题