SPA应用程序有反应。我在Idsrv上成功进行了身份验证,并将jwt令牌放入spa存储。然后,我向载体提出要求。我无法使用隐式流成功进行身份验证,它只是尝试将登录屏幕重定向到api服务器url http://localhost:5002/Account/Login?ReturnUrl(api上不存在)。资源密码所有者正在工作。
客户端和API:
public static IEnumerable<ApiResource> GetApiResources()
{
return new List<ApiResource>
{
new ApiResource("api1", "My API")
};
}
public static IEnumerable<Client> GetClients(string host)
{
// client credentials client
return new List<Client>
{
// resource owner password grant client
new Client
{
ClientId = "ro.client",
AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
ClientSecrets =
{
new Secret("1a7f0273-b311-4f2d-8d28-e680865e3a24".Sha256())
},
AllowedScopes = new List<string>
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
"api1"
}
},
//implicit
new Client
{
ClientName = "implicitclient",
ClientId = "implicitclient",
AccessTokenType = AccessTokenType.Jwt,
AllowedGrantTypes = GrantTypes.Implicit,
AllowAccessTokensViaBrowser = true,
RequireConsent = false,
AlwaysSendClientClaims = true,
AlwaysIncludeUserClaimsInIdToken = true,
RedirectUris = new List<string>
{
host
},
PostLogoutRedirectUris = new List<string>
{
host
},
AllowedCorsOrigins = new List<string>
{
host
},
AllowedScopes = new List<string>
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
"api1",
"role"
}
}
};
Api保护设置:
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
services.AddAuthentication(o =>
{
o.DefaultScheme = IdentityServerAuthenticationDefaults.AuthenticationScheme;
o.DefaultAuthenticateScheme = IdentityServerAuthenticationDefaults.AuthenticationScheme;
})
.AddIdentityServerAuthentication(o =>
{
o.Authority = Configuration.GetSection("IdentityServerSettings:AuthUrl").Value;
o.ApiName = "api1";
o.ApiSecret = Configuration.GetSection("IdentityServerSettings:ClientSecret").Value;
o.EnableCaching = true;
o.RequireHttpsMetadata = false;
o.SupportedTokens = SupportedTokens.Both;
});
我尝试了与样本不同的设置,但可能缺少某些内容。因为我使用的是JWT而不是引用令牌,所以我不必在API上受任何限制。