我有一个客户端的整合,我想有服务器和我们的服务器之间的机器对机器的授权。我以为我可以使用authorization_code流,但似乎需要用户cookie出现,否则它将始终重定向到登录页面。
是否有使用IdentityServer4一个服务器可以请求我与一些用户信息例如一个方式也许是加密的用户标识符,我可以用它来返回授权码?我已经能够实现一些这与我自己执行AuthorizeInteractionResponseGenerator
。我覆盖了ProcessLoginAsync()
方法,并引入了一个新的提示类型,让我们说abc
,所以当提供的提示类型为abc
时,我从原始请求中获取用户的标识符,并记录该用户在生成ClaimsPrincipal
,直到在最后,我得到错误:
InvalidOperationException异常:用户目前未被验证
显示的堆栈跟踪如下:
System.InvalidOperationException: User is not currently authenticated
at IdentityServer4.Services.DefaultUserSession.<SetClientListPropertyValueAsync>d__26.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at IdentityServer4.Services.DefaultUserSession.<SetClientsAsync>d__25.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at IdentityServer4.Services.DefaultUserSession.<AddClientIdAsync>d__22.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at IdentityServer4.Endpoints.Results.AuthorizeResult.<ProcessResponseAsync>d__12.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at IdentityServer4.Endpoints.Results.AuthorizeResult.<ExecuteAsync>d__10.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at IdentityServer4.Hosting.IdentityServerMiddleware.<Invoke>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at IdentityServer4.Hosting.IdentityServerMiddleware.<Invoke>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.<Invoke>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Cors.Infrastructure.CorsMiddleware.<Invoke>d__8.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at IdentityServer4.Hosting.BaseUrlMiddleware.<Invoke>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware.<Invoke>d__7.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
at Rp.Middleware.IdHashing.IdHashingMiddleware.<Invoke>d__7.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.<Invoke>d__7.MoveNext()
必须这样做是因为有一项要求,对此没有争议,但是我希望您能提供帮助的是如何解决上述错误?此外,我是否需要进行大量的返工,而我可以通过其他方式利用IdentityServer4来实现这一目标?
期待您的回复。谢谢!
更新:
所以给大家多一点而言,我并不试图做一个单点登录。我正在做的是为不希望用户知道该应用程序不是来自他们的客户的客户端构建应用程序。因此,用户登录到客户端的网站,但页面上,出角的应用程序加载的一个。现在,此应用程序不再依赖于客户端,它具有数据库中所需的所有内容,来自客户端的所有内容都是传递给我们的东西,因此我们也可以在应用程序上登录客户端用户,但无需任何同意或任何使我们的应用程序实际上是客户端应用程序一部分的感觉。而且我们也不能完全依赖客户端身份验证,因为我有多个客户端,每个人的身份验证方式都不相同。
答案 0 :(得分:1)
机器对机器通信的首选流程称为client credentials
。话虽如此,看来您需要在机器到机器的通信场景中拥有用户上下文,以便从技术上讲,您还可以使用resource owner credentials
流。为此,您将需要在身份服务器4端实现IResourceOwnerPasswordValidator
。
在开始使用任何这些实现之前,请确保您了解使用resource owner credentials
流的安全隐患,因为它通常是不推荐使用的,因此不建议使用。此外,您似乎还希望在计算机之间进行通信的情况下出现用户上下文,因此在设计中似乎已经是一个危险信号。
如果需要更多信息,可以参考身份服务器4的出色快速入门样本,在其中可以检查如何实现上述两个流程。