我在ASP.NET MVC网站上安装了IdentityServer3和一个客户端(一个NopCommerce插件),定义如下(URL仅用于测试):
new Client
{
ClientName = "Deep Stores",
ClientId = "deepstores",
ClientSecrets = new List<Secret>
{
new Secret("0B0A3FD3-F30C-428C-B1A3-6E570103614D".Sha256())
},
AccessTokenType = AccessTokenType.Reference,
RedirectUris = new List<string>
{
"http://localhost:2030/plugins/ExternalAuthDeepStudies/logincallback"
},
Flow = Flows.AuthorizationCode,
AllowAccessToAllScopes = true,
AllowedScopes = StandardScopes.All.Select(x => x.Name).ToList()
}
当尝试使用如下所示的URL获取授权令牌时,它第一次起作用(出现登录并授予页面等等),但对于其余请求,它为我的回调返回error=invalid_scope
!
请求授权端点:
https://127.0.0.1/core/connect/authorize?client_id=deepstores&redirect_uri=http%3A%2F%2Flocalhost%3A2030%2Fplugins%2FExternalAuthDeepStudies%2Flogincallback&scope=profile&response_type=code
会发生什么?为什么我会收到此错误?
范围定义为:
public static IEnumerable<Scope> Get()
{
return new[]
{
StandardScopes.OpenId,
StandardScopes.Profile,
StandardScopes.Email,
StandardScopes.Address,
StandardScopes.Phone,
StandardScopes.OfflineAccess,
StandardScopes.RolesAlwaysInclude,
StandardScopes.AllClaims,
};
}
请注意,我使用EntityFramework,所有人员均存储在数据库中。加上我使用ASP.NET Identity管理用户和角色。