Identity Server 4不会向控制器返回错误说明

时间:2018-04-10 11:06:52

标签: c# asp.net-core .net-core identityserver4

我有一个Identity Server 4项目,该项目遵循有关如何显示错误的文档

家庭控制器: 

public class HomeController : Controller
{
    private readonly IIdentityServerInteractionService _interaction;

    public HomeController(IIdentityServerInteractionService interaction)
    {
        _interaction = interaction;
    }

    public IActionResult Index()
    {
        return View();
    }

    public async Task<IActionResult> Error(string errorId)
    {
        var vm = new ErrorViewModel();
        var message = await _interaction.GetErrorContextAsync(errorId);
        if (message != null)
            vm.Error = message;
        return View("Error", vm);
    }
}

身份服务器本身在日志中提供了一些好的信息

fail: IdentityServer4.Validation.AuthorizeRequestValidator[0]
      Unknown client or not enabled: 3CCF1B2D-D064-4A1B-BFD4-57E0451575C7.apps.biz
{
        "SubjectId": "anonymous",
        "RequestedScopes": "",
        "Raw": {
          "client_id": "3CCF1B2D-D064-4A1B-BFD4-57E0451575C7.test.apps.biz",
          "redirect_uri": "http://localhost:4200/signin-oidc",
          "response_type": "id_token",
          "scope": "openid profile",
          "response_mode": "form_post",
          "nonce": "636589548258549622.YzMwMzRkNjAtYWU2Ni00ODlmLTg3ZWQtNmRmOThhYjcyN2JlZWFkYjk2MjEtNDAxNC00ZTQ1LWEzZTAtNTZmMWIyNDhkZjg1",
          "state": "CfDJ8FDPGFWZWNNOmnYDxcFlnVDZgaOG1kNakiXQF48y_4gnSxuIVAVQmMJ_4j9SUZz1TXGJDt4-8EKmoxLXuw3SZgyc5fy1ODzdS0Njd68T1W9dGxt8rFNrUF0njKk3XrSRTeJ45geS_uOL4w89OVupVq4UtHVbKxj3UMZLCn4W-BAXpXfo43KIT8RvxICMjbNtvPM1toEmMSlfdic6T6EZoxXpwim919xMLeQCY0S7QZdbc9DFfUfJkVYsLrofiBvQtZLfQjRQNp_7MiYFz_C4IQ7BAupErvZpcNvpBhQJWIt8BKlACVfKLHbvO6M0FKqa9A",
          "x-client-SKU": "ID_NET",
          "x-client-ver": "2.1.4.0"
        }
      }


 fail: IdentityServer4.Validation.AuthorizeRequestValidator[0]
  Invalid redirect_uri: http://localhost:4200/signin-oidc
{
        "ClientId": "testclient",
        "ClientName": "testclient",
        "AllowedRedirectUris": [
          "http://localhost:5002/signin-oidc"
        ],
        "SubjectId": "anonymous",
        "RequestedScopes": "",
        "Raw": {
          "client_id": "testclient",
          "redirect_uri": "http://localhost:4200/signin-oidc",
          "response_type": "code id_token",
          "scope": "openid profile",
          "response_mode": "form_post",
          "nonce": "636589567957415216.ZjYyZTU3MTEtZWRhZi00N2RhLWI1MjQtZThlZjk4NjY2NmJmZDQ4ZmUzNzQtMTI3MS00YTdiLTgzNDUtYThlMWU2NzcxMmM5",
          "state": "CfDJ8FDPGFWZWNNOmnYDxcFlnVByKSJA-wSjaBBIB2p-d1oUhuZNGBiD1gOFpnyxevmIKxNY1Hf15vlbpgLZoEVQ8O7UhyOpR1ANgUhhyl9nL4M63-2am7F1LJf9hwijkS0_WpxxJ-jYHlq4r99fS2tcaPFZjAG_UNjWYgTshD5Kps3czFvJOG04plaCn2zcKCX5AGgTVnxlG7__hi1ifn-xOipynq5nHBIasMT6doCmpjktAqx7AOK4C1D__YbVMkcRhC70qYFCfoSNhpUrROXZobP6GxYXd1y5EEbA_oXJjmePFdEL-MFQp0o5D_H_mXsU1g",
          "x-client-SKU": "ID_NET",
          "x-client-ver": "2.1.4.0"
        }
      }

但是GetErrorContextAsync没有将唯一的信息返回给我的控制器,因此只能向用户显示错误名称。

enter image description here

根本没有填写错误的描述。

我如何得到填充的描述?

我正在寻找一种在这里为开发者展示一些明智信息的方法。但是,每个错误接缝都会返回unauthorized_client,因此我无法告诉开发人员,重定向URI与无效客户端ID存在问题。

if (vm.Error.Error == "unauthorized_client") vm.Error.ErrorDescription = "Contact plugin developer.";

注意:重定向URI确实会返回描述。

1 个答案:

答案 0 :(得分:1)

这是设计意图。您无法在控制器中访问unathorized_client的原因。

您还可以查看来源,看看发生了什么。

//////////////////////////////////////////////////////////
// check for valid client
//////////////////////////////////////////////////////////
var client = await _clients.FindEnabledClientByIdAsync(request.ClientId);
if (client == null)
{
    LogError("Unknown client or not enabled", request.ClientId, request);
    return Invalid(request, OidcConstants.AuthorizeErrors.UnauthorizedClient);
}

https://github.com/IdentityServer/IdentityServer4/blob/dev/src/IdentityServer4/Validation/AuthorizeRequestValidator.cs#L150

相关问题
最新问题