Authorization Code with Proof Key token request results in an invalid_client response

Time: 2018-04-17 12:13:19

Tags: oauth openid identityserver3 appauth

I am currently evaluating AppAuth (https://appauth.io/) for use in a native mobile app together with an STS that currently uses IdentityServer3. I have configured the client like this:

new IdentityServer3.Core.Models.Client
{
    Enabled = true,
    ClientId = "app",
    ClientName = "app",
    ClientUri = "app:/",
    // Authorization code flow with PKCE (RFC 7636)
    Flow = Flows.AuthorizationCodeWithProofKey,
    RequireConsent = false,
    RequireSignOutPrompt = false,
    SlidingRefreshTokenLifetime = 28800,
    AllowAccessTokensViaBrowser = true,

    // Custom-scheme redirect URIs used by the native app
    RedirectUris = new List<string>
    {
        "app:/signin"
    },
    PostLogoutRedirectUris = new List<string>
    {
        "app:/signout"
    },
    // StandardScopes.X is a Scope; .Name is the scope's string name
    AllowedScopes = new List<string>
    {
        StandardScopes.OpenId.Name,
        StandardScopes.Email.Name,
        StandardScopes.Profile.Name,
        StandardScopes.Roles.Name,
        StandardScopes.OfflineAccess.Name,
    }
}

The initial authorization request succeeds and IdentityServer3 returns an authorization code. Now I tried a subsequent token request, which results in an HTTP 400 with an invalid_client error and the following messages in the IdentityServer3 log:

2018-04-17 10:16:38.324 +02:00 [Information] Start token request
2018-04-17 10:16:38.324 +02:00 [Debug] Start client validation
2018-04-17 10:16:38.324 +02:00 [Debug] Start parsing Basic Authentication secret
2018-04-17 10:16:38.324 +02:00 [Debug] Start parsing for secret in post body
2018-04-17 10:16:38.324 +02:00 [Debug] No secret in post body found
2018-04-17 10:16:38.324 +02:00 [Debug] Start parsing for X.509 certificate
2018-04-17 10:16:38.324 +02:00 [Debug] X.509 certificate not found.
2018-04-17 10:16:38.324 +02:00 [Information] Parser found no secret
2018-04-17 10:16:38.324 +02:00 [Information] No client secret found
2018-04-17 10:16:38.324 +02:00 [Information] End token request
2018-04-17 10:16:38.324 +02:00 [Information] Returning error: invalid_client

Am I misunderstanding something, or why does IdentityServer3 not return an access token?

1 answer:

Answer 0 (score: 1)

You need to authenticate the Client in the token request of the Authorization Code flow. Therefore you need to set ClientSecrets for your client:

new IdentityServer3.Core.Models.Client
{
    // your properties

    // Stored as a SHA-256 hash; the client sends the plain value "secret"
    ClientSecrets = new List<Secret>
    {
        new Secret("secret".Sha256())
    }
}

You need to send client_secret as a query string in the token request.

Or you can use Basic Authentication. In this case you need to add Base64(ClientId:ClientSecret) in the authentication header.
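As an added example (not code from the question or the answer), here is how a client would assemble the token request the answer describes: a PKCE code_verifier/code_challenge pair (S256, RFC 7636) plus client authentication, either as a Basic header of Base64(ClientId:ClientSecret) or as client_secret in the form body. The client id "app", the secret "secret" and the redirect URI "app:/signin" come from the question and answer; the authorization code value is a constructed placeholder.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode


def _b64url(data: bytes) -> str:
    # base64url without padding, as required for code_verifier/code_challenge
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier() -> str:
    # 32 random bytes -> 43 unreserved characters, within RFC 7636's 43..128 range
    return _b64url(secrets.token_bytes(32))


def code_challenge_s256(verifier: str) -> str:
    # code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def basic_auth_header(client_id: str, client_secret: str) -> str:
    # Basic authentication: Base64(ClientId:ClientSecret), as the answer describes
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_token_request(client_id, client_secret, code, verifier,
                        redirect_uri, use_basic=True):
    """Return (headers, form_body) for the token endpoint.

    The code_verifier proves possession of the PKCE challenge sent in the
    authorization request; the secret authenticates the client itself.
    """
    body = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "code_verifier": verifier,
    }
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if use_basic:
        headers["Authorization"] = basic_auth_header(client_id, client_secret)
    else:
        # Post-body client credentials (IdentityServer3's "secret in post body")
        body["client_id"] = client_id
        body["client_secret"] = client_secret
    return headers, urlencode(body)


if __name__ == "__main__":
    v = make_code_verifier()
    print("code_challenge:", code_challenge_s256(v))
    # "CONSTRUCTED-CODE" stands in for the code returned by the authorize endpoint
    print(build_token_request("app", "secret", "CONSTRUCTED-CODE", v, "app:/signin"))
```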