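I am running into problems trying to configure Identity Server and an MVC client that calls it. I am using both Entity Framework Core and ASP.NET Core Identity with IS4 to configure my clients, scopes, users, and so on.
The error I get is:
OpenIdConnectProtocolException: Message contains error: 'invalid_client', error_description: 'error_description is null', error_uri: 'error_uri is null'. This happens as soon as I enter the login/password and get redirected back to the client.
My IS4 log shows that my user authenticates fine, but it fails when trying to get the access token. Here it is: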
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
Request starting HTTP/1.1 POST https://localhost:5000/connect/token application/x-www-form-urlencoded 236
dbug: IdentityServer4.Hosting.EndpointRouter[0]
Request path /connect/token matched to endpoint type Token
dbug: IdentityServer4.Hosting.EndpointRouter[0]
Endpoint enabled: Token, successfully created handler: IdentityServer4.Endpoints.TokenEndpoint
info: IdentityServer4.Hosting.IdentityServerMiddleware[0]
Invoking IdentityServer endpoint: IdentityServer4.Endpoints.TokenEndpoint for /connect/token
dbug: IdentityServer4.Endpoints.TokenEndpoint[0]
Start token request.
dbug: IdentityServer4.Validation.ClientSecretValidator[0]
Start client validation
dbug: IdentityServer4.Validation.BasicAuthenticationSecretParser[0]
Start parsing Basic Authentication secret
dbug: IdentityServer4.Validation.PostBodySecretParser[0]
Start parsing for secret in post body
dbug: IdentityServer4.Validation.SecretParser[0]
Parser found secret: PostBodySecretParser
dbug: IdentityServer4.Validation.SecretParser[0]
Secret id found: lssite
info: Microsoft.EntityFrameworkCore.Infrastructure[10403]
Entity Framework Core 2.1.4-rtm-31024 initialized 'ConfigurationDbContext' using provider 'Pomelo.EntityFrameworkCore.MySql' with options: None
info: Microsoft.EntityFrameworkCore.Database.Command[20101]
Executed DbCommand (1ms) [Parameters=[@__clientId_0='?' (Size = 200)], CommandType='Text', CommandTimeout='30']
SELECT `x`.`Id`, `x`.`AbsoluteRefreshTokenLifetime`, `x`.`AccessTokenLifetime`, `x`.`AccessTokenType`, `x`.`AllowAccessTokensViaBrowser`, `x`.`AllowOfflineAccess`, `x`.`AllowPlainTextPkce`, `x`.`AllowRememberConsent`, `x`.`AlwaysIncludeUserClaimsInIdToken`, `x`.`AlwaysSendClientClaims`, `x`.`AuthorizationCodeLifetime`, `x`.`BackChannelLogoutSessionRequired`, `x`.`BackChannelLogoutUri`, `x`.`ClientClaimsPrefix`, `x`.`ClientId`, `x`.`ClientName`, `x`.`ClientUri`, `x`.`ConsentLifetime`, `x`.`Created`, `x`.`Description`, `x`.`DeviceCodeLifetime`, `x`.`EnableLocalLogin`, `x`.`Enabled`, `x`.`FrontChannelLogoutSessionRequired`, `x`.`FrontChannelLogoutUri`, `x`.`IdentityTokenLifetime`, `x`.`IncludeJwtId`, `x`.`LastAccessed`, `x`.`LogoUri`, `x`.`NonEditable`, `x`.`PairWiseSubjectSalt`, `x`.`ProtocolType`, `x`.`RefreshTokenExpiration`, `x`.`RefreshTokenUsage`, `x`.`RequireClientSecret`, `x`.`RequireConsent`, `x`.`RequirePkce`, `x`.`SlidingRefreshTokenLifetime`, `x`.`UpdateAccessTokenClaimsOnRefresh`, `x`.`Updated`, `x`.`UserCodeType`, `x`.`UserSsoLifetime`
FROM `Clients` AS `x`
WHERE `x`.`ClientId` = @__clientId_0
ORDER BY `x`.`Id`
LIMIT 1
info: Microsoft.EntityFrameworkCore.Database.Command[20101]
Executed DbCommand (1ms) [Parameters=[@__clientId_0='?' (Size = 200)], CommandType='Text', CommandTimeout='30']
SELECT `x.AllowedGrantTypes`.`Id`, `x.AllowedGrantTypes`.`ClientId`, `x.AllowedGrantTypes`.`GrantType`
FROM `ClientGrantTypes` AS `x.AllowedGrantTypes`
INNER JOIN (
SELECT `x0`.`Id`
FROM `Clients` AS `x0`
WHERE `x0`.`ClientId` = @__clientId_0
ORDER BY `x0`.`Id`
LIMIT 1
) AS `t` ON `x.AllowedGrantTypes`.`ClientId` = `t`.`Id`
ORDER BY `t`.`Id`
info: Microsoft.EntityFrameworkCore.Database.Command[20101]
Executed DbCommand (0ms) [Parameters=[@__clientId_0='?' (Size = 200)], CommandType='Text', CommandTimeout='30']
SELECT `x.RedirectUris`.`Id`, `x.RedirectUris`.`ClientId`, `x.RedirectUris`.`RedirectUri`
FROM `ClientRedirectUris` AS `x.RedirectUris`
INNER JOIN (
SELECT `x1`.`Id`
FROM `Clients` AS `x1`
WHERE `x1`.`ClientId` = @__clientId_0
ORDER BY `x1`.`Id`
LIMIT 1
) AS `t0` ON `x.RedirectUris`.`ClientId` = `t0`.`Id`
ORDER BY `t0`.`Id`
info: Microsoft.EntityFrameworkCore.Database.Command[20101]
Executed DbCommand (0ms) [Parameters=[@__clientId_0='?' (Size = 200)], CommandType='Text', CommandTimeout='30']
SELECT `x.PostLogoutRedirectUris`.`Id`, `x.PostLogoutRedirectUris`.`ClientId`, `x.PostLogoutRedirectUris`.`PostLogoutRedirectUri`
FROM `ClientPostLogoutRedirectUris` AS `x.PostLogoutRedirectUris`
INNER JOIN (
SELECT `x2`.`Id`
FROM `Clients` AS `x2`
WHERE `x2`.`ClientId` = @__clientId_0
ORDER BY `x2`.`Id`
LIMIT 1
) AS `t1` ON `x.PostLogoutRedirectUris`.`ClientId` = `t1`.`Id`
ORDER BY `t1`.`Id`
info: Microsoft.EntityFrameworkCore.Database.Command[20101]
Executed DbCommand (1ms) [Parameters=[@__clientId_0='?' (Size = 200)], CommandType='Text', CommandTimeout='30']
SELECT `x.AllowedScopes`.`Id`, `x.AllowedScopes`.`ClientId`, `x.AllowedScopes`.`Scope`
FROM `ClientScopes` AS `x.AllowedScopes`
INNER JOIN (
SELECT `x3`.`Id`
FROM `Clients` AS `x3`
WHERE `x3`.`ClientId` = @__clientId_0
ORDER BY `x3`.`Id`
LIMIT 1
) AS `t2` ON `x.AllowedScopes`.`ClientId` = `t2`.`Id`
ORDER BY `t2`.`Id`
info: Microsoft.EntityFrameworkCore.Database.Command[20101]
Executed DbCommand (1ms) [Parameters=[@__clientId_0='?' (Size = 200)], CommandType='Text', CommandTimeout='30']
SELECT `x.ClientSecrets`.`Id`, `x.ClientSecrets`.`ClientId`, `x.ClientSecrets`.`Created`, `x.ClientSecrets`.`Description`, `x.ClientSecrets`.`Expiration`, `x.ClientSecrets`.`Type`, `x.ClientSecrets`.`Value`
FROM `ClientSecrets` AS `x.ClientSecrets`
INNER JOIN (
SELECT `x4`.`Id`
FROM `Clients` AS `x4`
WHERE `x4`.`ClientId` = @__clientId_0
ORDER BY `x4`.`Id`
LIMIT 1
) AS `t3` ON `x.ClientSecrets`.`ClientId` = `t3`.`Id`
ORDER BY `t3`.`Id`
info: Microsoft.EntityFrameworkCore.Database.Command[20101]
Executed DbCommand (0ms) [Parameters=[@__clientId_0='?' (Size = 200)], CommandType='Text', CommandTimeout='30']
SELECT `x.Claims`.`Id`, `x.Claims`.`ClientId`, `x.Claims`.`Type`, `x.Claims`.`Value`
FROM `ClientClaims` AS `x.Claims`
INNER JOIN (
SELECT `x5`.`Id`
FROM `Clients` AS `x5`
WHERE `x5`.`ClientId` = @__clientId_0
ORDER BY `x5`.`Id`
LIMIT 1
) AS `t4` ON `x.Claims`.`ClientId` = `t4`.`Id`
ORDER BY `t4`.`Id`
info: Microsoft.EntityFrameworkCore.Database.Command[20101]
Executed DbCommand (0ms) [Parameters=[@__clientId_0='?' (Size = 200)], CommandType='Text', CommandTimeout='30']
SELECT `x.IdentityProviderRestrictions`.`Id`, `x.IdentityProviderRestrictions`.`ClientId`, `x.IdentityProviderRestrictions`.`Provider`
FROM `ClientIdPRestrictions` AS `x.IdentityProviderRestrictions`
INNER JOIN (
SELECT `x6`.`Id`
FROM `Clients` AS `x6`
WHERE `x6`.`ClientId` = @__clientId_0
ORDER BY `x6`.`Id`
LIMIT 1
) AS `t5` ON `x.IdentityProviderRestrictions`.`ClientId` = `t5`.`Id`
ORDER BY `t5`.`Id`
info: Microsoft.EntityFrameworkCore.Database.Command[20101]
Executed DbCommand (0ms) [Parameters=[@__clientId_0='?' (Size = 200)], CommandType='Text', CommandTimeout='30']
SELECT `x.AllowedCorsOrigins`.`Id`, `x.AllowedCorsOrigins`.`ClientId`, `x.AllowedCorsOrigins`.`Origin`
FROM `ClientCorsOrigins` AS `x.AllowedCorsOrigins`
INNER JOIN (
SELECT `x7`.`Id`
FROM `Clients` AS `x7`
WHERE `x7`.`ClientId` = @__clientId_0
ORDER BY `x7`.`Id`
LIMIT 1
) AS `t6` ON `x.AllowedCorsOrigins`.`ClientId` = `t6`.`Id`
ORDER BY `t6`.`Id`
info: Microsoft.EntityFrameworkCore.Database.Command[20101]
Executed DbCommand (1ms) [Parameters=[@__clientId_0='?' (Size = 200)], CommandType='Text', CommandTimeout='30']
SELECT `x.Properties`.`Id`, `x.Properties`.`ClientId`, `x.Properties`.`Key`, `x.Properties`.`Value`
FROM `ClientProperties` AS `x.Properties`
INNER JOIN (
SELECT `x8`.`Id`
FROM `Clients` AS `x8`
WHERE `x8`.`ClientId` = @__clientId_0
ORDER BY `x8`.`Id`
LIMIT 1
) AS `t7` ON `x.Properties`.`ClientId` = `t7`.`Id`
ORDER BY `t7`.`Id`
dbug: IdentityServer4.EntityFramework.Stores.ClientStore[0]
lssite found in database: True
dbug: IdentityServer4.Stores.ValidatingClientStore[0]
client configuration validation for client lssite succeeded.
dbug: IdentityServer4.Validation.HashedSharedSecretValidator[0]
No matching hashed secret found.
dbug: IdentityServer4.Validation.SecretValidator[0]
Secret validators could not validate secret
info: IdentityServer4.Events.DefaultEventService[0]
{
"Name": "Client Authentication Failure",
"Category": "Authentication",
"EventType": "Failure",
"Id": 1011,
"ClientId": "lssite",
"Message": "Invalid client secret",
"ActivityId": "0HLK6AKHC5UAJ:00000003",
"TimeStamp": "2019-01-30T01:49:20Z",
"ProcessId": 10624,
"LocalIpAddress": "::1:5000",
"RemoteIpAddress": "::1"
}
fail: IdentityServer4.Validation.ClientSecretValidator[0]
Client secret validation failed for client: lssite.
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request finished in 137.9524ms 400 application/json; charset=UTF-8
The exception that shows up in my client is:
System.Exception: An error was encountered while handling the remote login. ---> Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolException: Message contains error: 'invalid_client', error_description: 'error_description is null', error_uri: 'error_uri is null'.
at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.RedeemAuthorizationCodeAsync(OpenIdConnectMessage tokenEndpointRequest)
at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync()
--- End of inner exception stack trace ---
at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
The Startup.cs I am using in Identity Server 4 is:
public class Startup
{
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    public IConfiguration Configuration { get; }

    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddCors(options =>
        {
            options.AddPolicy("AllowAllOrigins",
                builder =>
                {
                    builder.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader().AllowCredentials();
                });
        });
        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
        services.AddSingleton<IEmailSender, EmailSender>();
        var connectionString = Configuration.GetConnectionString("DefaultConnection");
        var identityServer = services.AddIdentityServer(options =>
            {
                options.Events.RaiseErrorEvents = true;
                options.Events.RaiseInformationEvents = true;
                options.Events.RaiseFailureEvents = true;
                options.Events.RaiseSuccessEvents = true;
                options.UserInteraction.LoginUrl = "/Identity/Account/Login";
                options.UserInteraction.LogoutUrl = "/Identity/Account/Logout";
            })
            // this adds the config data from DB (clients, resources, CORS)
            .AddConfigurationStore(options =>
            {
                options.ConfigureDbContext = builder =>
                    builder.UseMySql(connectionString);
            })
            // this adds the operational data from DB (codes, tokens, consents)
            .AddOperationalStore(options =>
            {
                options.ConfigureDbContext = builder =>
                    builder.UseMySql(connectionString);
            }).AddAspNetIdentity<Aspnetusers>();
        services.AddAuthentication()
            .AddGoogle(options =>
            {
                options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
                options.ClientId = "708996912208-9m4dkjb5hscn7cjrn5u0r4tbgkbj1fko.apps.googleusercontent.com";
                options.ClientSecret = "wdfPY6t8H8cecgjlxud__4Gh";
            });
        services.AddTransient<IResourceOwnerPasswordValidator, ResourceOwnerPasswordValidator>()
            .AddTransient<IProfileService, ProfileService>();
        RSA rsa = RSA.Create();
        string key = (string)Configuration.GetSection("AppSettings").GetValue(typeof(string), "RSAPrivateKey");
        rsa.FromJsonString(key);
        Microsoft.IdentityModel.Tokens.RsaSecurityKey rsk = new Microsoft.IdentityModel.Tokens.RsaSecurityKey(rsa);
        identityServer.AddSigningCredential(rsk);
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
            app.UseDatabaseErrorPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
            app.UseHsts();
        }
        app.UseIdentityServer();
        app.UseHttpsRedirection();
        app.UseStaticFiles();
        app.UseCookiePolicy();
        app.UseAuthentication();
        app.UseMvc(routes =>
        {
            routes.MapRoute(
                name: "default",
                template: "{controller=Home}/{action=Index}/{id?}");
        });
    }
}
The Startup.cs of my MVC client is as follows:
public class Startup
{
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    public IConfiguration Configuration { get; }

    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<CookiePolicyOptions>(options =>
        {
            // This lambda determines whether user consent for non-essential cookies is needed for a given request.
            options.CheckConsentNeeded = context => true;
            options.MinimumSameSitePolicy = SameSiteMode.None;
        });
        services.AddAuthentication(options =>
            {
                options.DefaultScheme = "Cookies";
                options.DefaultChallengeScheme = "oidc";
                options.DefaultSignInScheme = "oidc";
            })
            .AddCookie("Cookies")
            .AddOpenIdConnect("oidc", options =>
            {
                options.SignInScheme = "Cookies";
                options.AuthenticationMethod = Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectRedirectBehavior.RedirectGet;
                options.Authority = "https://localhost:5000";
                options.RequireHttpsMetadata = false;
                options.ResponseType = "code id_token token";
                options.ClientId = "lssite";
                options.ClientSecret = "VQGBtSDEK7tzIzSJyfCYqdHDTQHt7kD2VQ1hHWnY7Dw=";
                options.Scope.Add("lsapi");
                options.Scope.Add("offline_access");
                options.GetClaimsFromUserInfoEndpoint = true;
                options.SaveTokens = true;
            });
        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
            app.UseHsts();
        }
        app.UseHttpsRedirection();
        app.UseStaticFiles();
        app.UseCookiePolicy();
        app.UseAuthentication();
        app.UseMvc(routes =>
        {
            routes.MapRoute(
                name: "default",
                template: "{controller=Home}/{action=Index}/{id?}");
        });
    }
}
And here is a MySQL dump of the database that holds the configuration:
-- MySQL dump 10.13 Distrib 8.0.12, for Win64 (x86_64)
--
-- Host: 127.0.0.1 Database: lsidentityconfig
-- ------------------------------------------------------
-- Server version 8.0.12
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
SET NAMES utf8 ;
/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
/*!40103 SET TIME_ZONE='+00:00' */;
/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
--
-- Dumping data for table `apiclaims`
--
LOCK TABLES `apiclaims` WRITE;
/*!40000 ALTER TABLE `apiclaims` DISABLE KEYS */;
/*!40000 ALTER TABLE `apiclaims` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Dumping data for table `apiproperties`
--
LOCK TABLES `apiproperties` WRITE;
/*!40000 ALTER TABLE `apiproperties` DISABLE KEYS */;
/*!40000 ALTER TABLE `apiproperties` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Dumping data for table `apiresources`
--
LOCK TABLES `apiresources` WRITE;
/*!40000 ALTER TABLE `apiresources` DISABLE KEYS */;
INSERT INTO `apiresources` VALUES (1,1,'lsapi','API',' Main API','2018-01-21 15:35:00.000000',NULL,NULL,0);
/*!40000 ALTER TABLE `apiresources` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Dumping data for table `apiscopeclaims`
--
LOCK TABLES `apiscopeclaims` WRITE;
/*!40000 ALTER TABLE `apiscopeclaims` DISABLE KEYS */;
/*!40000 ALTER TABLE `apiscopeclaims` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Dumping data for table `apiscopes`
--
LOCK TABLES `apiscopes` WRITE;
/*!40000 ALTER TABLE `apiscopes` DISABLE KEYS */;
INSERT INTO `apiscopes` VALUES (1,'lsapi','API',' Main API',0,0,1,1);
/*!40000 ALTER TABLE `apiscopes` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Dumping data for table `apisecrets`
--
LOCK TABLES `apisecrets` WRITE;
/*!40000 ALTER TABLE `apisecrets` DISABLE KEYS */;
--
-- Dumping data for table `clientclaims`
--
LOCK TABLES `clientclaims` WRITE;
/*!40000 ALTER TABLE `clientclaims` DISABLE KEYS */;
/*!40000 ALTER TABLE `clientclaims` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Dumping data for table `clientcorsorigins`
--
LOCK TABLES `clientcorsorigins` WRITE;
/*!40000 ALTER TABLE `clientcorsorigins` DISABLE KEYS */;
INSERT INTO `clientcorsorigins` VALUES (1,'https://localhost:44336',2);
/*!40000 ALTER TABLE `clientcorsorigins` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Dumping data for table `clientgranttypes`
--
LOCK TABLES `clientgranttypes` WRITE;
/*!40000 ALTER TABLE `clientgranttypes` DISABLE KEYS */;
INSERT INTO `clientgranttypes` VALUES (1,'password',1),(2,'refresh',1),(4,'hybrid',2),(6,'code',2);
/*!40000 ALTER TABLE `clientgranttypes` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Dumping data for table `clientidprestrictions`
--
LOCK TABLES `clientidprestrictions` WRITE;
/*!40000 ALTER TABLE `clientidprestrictions` DISABLE KEYS */;
/*!40000 ALTER TABLE `clientidprestrictions` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Dumping data for table `clientpostlogoutredirecturis`
--
LOCK TABLES `clientpostlogoutredirecturis` WRITE;
/*!40000 ALTER TABLE `clientpostlogoutredirecturis` DISABLE KEYS */;
INSERT INTO `clientpostlogoutredirecturis` VALUES (1,'https://localhost:44336/signout-callback-oidc',2);
/*!40000 ALTER TABLE `clientpostlogoutredirecturis` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Dumping data for table `clientproperties`
--
LOCK TABLES `clientproperties` WRITE;
/*!40000 ALTER TABLE `clientproperties` DISABLE KEYS */;
/*!40000 ALTER TABLE `clientproperties` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Dumping data for table `clientredirecturis`
--
LOCK TABLES `clientredirecturis` WRITE;
/*!40000 ALTER TABLE `clientredirecturis` DISABLE KEYS */;
INSERT INTO `clientredirecturis` VALUES (1,'https://localhost:44336/signin-oidc',2),(4,'https://localhost:44336/',2);
/*!40000 ALTER TABLE `clientredirecturis` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Dumping data for table `clients`
--
LOCK TABLES `clients` WRITE;
/*!40000 ALTER TABLE `clients` DISABLE KEYS */;
INSERT INTO `clients` VALUES (1,1,'lsgame','oidc',1,'Game Client',NULL,NULL,NULL,0,0,0,0,0,0,NULL,1,NULL,1,1,300,3600,300,NULL,2592000,1296000,1,1,1,0,1,0,0,'ls_',NULL,'2019-01-21 15:45:00.000000',NULL,NULL,NULL,NULL,300,0),(2,1,'lssite','oidc',1,'Website',NULL,'https://localhost:44336',NULL,0,0,1,0,0,1,NULL,0,NULL,1,1,300,3600,300,NULL,2592000,1296000,0,0,0,0,1,0,1,'ls_',NULL,'2019-01-21 15:45:00.000000',NULL,NULL,NULL,NULL,300,0);
/*!40000 ALTER TABLE `clients` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Dumping data for table `clientscopes`
--
LOCK TABLES `clientscopes` WRITE;
/*!40000 ALTER TABLE `clientscopes` DISABLE KEYS */;
INSERT INTO `clientscopes` VALUES (1,'lsapi',1),(2,'lsapi',2),(3,'openid',2),(4,'profile',2);
/*!40000 ALTER TABLE `clientscopes` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Dumping data for table `clientsecrets`
--
LOCK TABLES `clientsecrets` WRITE;
/*!40000 ALTER TABLE `clientsecrets` DISABLE KEYS */;
INSERT INTO `clientsecrets` VALUES (1,NULL,'VQGBtSDEK7tzIzSJyfCYqdHDTQHt7kD2VQ1hHWnY7Dw=',NULL,'SharedSecret','2019-01-21 15:48:00.000000',1),(2,NULL,'VQGBtSDEK7tzIzSJyfCYqdHDTQHt7kD2VQ1hHWnY7Dw=',NULL,'SharedSecret','2019-01-21 15:48:00.000000',2);
/*!40000 ALTER TABLE `clientsecrets` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Dumping data for table `devicecodes`
--
LOCK TABLES `devicecodes` WRITE;
/*!40000 ALTER TABLE `devicecodes` DISABLE KEYS */;
/*!40000 ALTER TABLE `devicecodes` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Dumping data for table `identityclaims`
--
LOCK TABLES `identityclaims` WRITE;
/*!40000 ALTER TABLE `identityclaims` DISABLE KEYS */;
/*!40000 ALTER TABLE `identityclaims` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Dumping data for table `identityproperties`
--
LOCK TABLES `identityproperties` WRITE;
/*!40000 ALTER TABLE `identityproperties` DISABLE KEYS */;
/*!40000 ALTER TABLE `identityproperties` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Dumping data for table `identityresources`
--
LOCK TABLES `identityresources` WRITE;
/*!40000 ALTER TABLE `identityresources` DISABLE KEYS */;
INSERT INTO `identityresources` VALUES (1,1,'openid','openid','openid',1,0,1,'2019-01-24 18:34:00.000000',NULL,0),(2,1,'profile','profile','profile',1,0,1,'2019-01-24 18:34:00.000000',NULL,0);
/*!40000 ALTER TABLE `identityresources` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Dumping data for table `persistedgrants`
--
LOCK TABLES `persistedgrants` WRITE;
/*!40000 ALTER TABLE `persistedgrants` DISABLE KEYS */;
/*!40000 ALTER TABLE `persistedgrants` ENABLE KEYS */;
UNLOCK TABLES;
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
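I am completely at a loss here and don't know what to do to make this work. I tried following all the quickstarts to get it running with the implicit flow, but I could not get it to work. I have been trying for 3 days, so please, if anyone knows, what am I doing wrong here?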
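Answer 0 (score: 0)
It looks like you are trying to decode the hash of the secret in the client.
When configuring the client's oidc service, just use the plain-text value of the secret.
options.ClientSecret = "plain_text";
In the Identity Server samples the plain-text value is "secret", but you have probably configured a different value since you are using a db to store the configuration.
VQGBtSDEK7tzIzSJyfCYqdHDTQHt7kD2VQ1hHWnY7Dw=
is the hash value shown in the database dump, so in the client you need to use the plain-text secret value.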
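The mismatch described in the answer above, as an added example that is not part of the original post and not IdentityServer4's own code: a stand-alone sketch of a hashed shared-secret check, assuming the stored `SharedSecret` value is Base64(SHA-256(plaintext)), the form IdentityServer4's `Sha256()` helper produces. The names `SharedSecretDemo`, `Sha256Base64` and `Validate` are hypothetical, and the secret is a constructed sample.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class SharedSecretDemo
{
    // Base64(SHA-256(UTF-8 bytes)): the form in which the hashed shared secret
    // is assumed to sit in the ClientSecrets.Value column.
    static string Sha256Base64(string input)
    {
        using (var sha = SHA256.Create())
        {
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(input)));
        }
    }

    // Server side (simplified model, SHA-256 only): hash whatever the client
    // presented at the token endpoint and compare it with the stored value
    // in constant time.
    static bool Validate(string presentedSecret, string storedValue)
    {
        byte[] presented = Encoding.UTF8.GetBytes(Sha256Base64(presentedSecret));
        byte[] stored = Encoding.UTF8.GetBytes(storedValue);
        return CryptographicOperations.FixedTimeEquals(presented, stored);
    }

    static void Main()
    {
        // Constructed sample secret; not a value from the question.
        const string plaintext = "constructed-demo-secret";

        // What gets seeded into the configuration database for the client.
        string storedValue = Sha256Base64(plaintext);
        Console.WriteLine("Stored value:           " + storedValue);

        // Client configured as the answer recommends: ClientSecret holds the
        // plain-text secret, so the server's hash of it equals the stored value.
        Console.WriteLine("Client sends plaintext: " + Validate(plaintext, storedValue));

        // Client configured as in the question: ClientSecret holds the database
        // value itself, so the server hashes a hash and the comparison is
        // between Sha256Base64(storedValue) and storedValue.
        Console.WriteLine("Client sends the hash:  " + Validate(storedValue, storedValue));
        Console.WriteLine("Hash of the hash:       " + Sha256Base64(storedValue));
    }
}
```

The second case is the one the IS4 log in the question reports as "No matching hashed secret found". Storing only the hash on the server means the database dump alone does not reveal a value the token endpoint will accept.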