我有一个 IdentityServer 4 应用程序,并实现了通过 OpenID Connect 进行身份验证的 SSO。有时用户被重定向到“signin-oidc”时会抛出以下异常:
Microsoft.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException: IDX10501:签名验证失败。无法匹配密钥:“[PII 已隐藏]”。
客户端(.NET Core)上的代码:
// Client-side authentication wiring: the local session lives in a cookie and
// unauthenticated requests are challenged through the "oidc" OpenID Connect scheme.
services.AddAuthentication(authOptions =>
    {
        authOptions.DefaultChallengeScheme = "oidc";
        authOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    })
    .AddCookie(cookieOptions =>
    {
        // Session cookie named "sintrc", valid for one hour.
        cookieOptions.Cookie.Name = "sintrc";
        cookieOptions.ExpireTimeSpan = TimeSpan.FromMinutes(60);
    })
    .AddOpenIdConnect("oidc", oidcOptions =>
    {
        oidcOptions.Authority = authParams.BaseUrl;
        oidcOptions.ClientId = authParams.Client_Id;
        oidcOptions.SignedOutRedirectUri = authParams.RedirectUrl;

        // NOTE(review): with this set to false the handler accepts an http:// authority,
        // so the discovery document and the signing keys it advertises can be fetched
        // over an unprotected channel. Anyone able to tamper with that traffic could
        // influence which keys the client trusts. Keep the default (true) everywhere
        // except a local development setup.
        oidcOptions.RequireHttpsMetadata = false;

        // Request exactly these three scopes, discarding whatever the handler adds by default.
        oidcOptions.Scope.Clear();
        foreach (var requestedScope in new[] { "openid", "profile", "email" })
        {
            oidcOptions.Scope.Add(requestedScope);
        }

        // Keep the tokens returned by the identity provider in the authentication properties.
        oidcOptions.SaveTokens = true;

        // Only the claim-type mapping is customised; no signing key is configured here,
        // so token signatures are presumably checked against the keys published by the
        // authority's metadata.
        // NOTE(review): an intermittent IDX10501 usually means the token's key id was not
        // among the keys the client currently holds - check whether the identity provider's
        // signing key is persisted and identical on every instance - TODO confirm.
        var validation = new TokenValidationParameters();
        validation.NameClaimType = JwtClaimTypes.Name;
        validation.RoleClaimType = JwtClaimTypes.Role;
        oidcOptions.TokenValidationParameters = validation;
    });