角度登录“异常:相关性失败。未知位置”

时间:2019-04-18 08:30:20

标签: c# angular identityserver4 oidc

我的应用程序由2个元素组成: 在http://localhost:5000上侦听的IdentityServer4主机(具有Asp.NET身份的Asp.NET Core 2.2应用程序) Angular客户端应用程序(Angular v.7.2.12)在http://localhost:5002

上监听

我希望有角客户机对IS4进行身份验证:登录表单ID是IS4页面中托管的表单。成功登录后,应将用户重定向回角度页面。 对于角度oidc集成,我遵循了以下项目:https://github.com/elanderson/Angular-Core-IdentityServer

登录实际上运行良好(我看到了IS4返回的正确令牌,并且IS4日志中没有错误),但是重定向URI不起作用。我没有返回原始的角度页面(http://localhost/5002),而是出现了“关联失败。未知位置”

我尝试使用另一个ASP.NET Core测试应用程序进行相同的登录,并且它可以正常工作,因此它似乎与角度积分有关。

Exception Stack

Exception Headers

IS4内存中角度客户端配置

new Client
            {
                ClientId = "gekoo.webSPA",
                ClientName = "MVC SPA Client",
                AllowedGrantTypes = GrantTypes.Implicit,
                AllowAccessTokensViaBrowser = true,

                RedirectUris = { "http://localhost:5002/signin-oidc" },                    
                PostLogoutRedirectUris = { "http://localhost:5002" },},

                AllowedCorsOrigins = { "http://localhost:5002" },

                AllowedScopes = new List<string>
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile,
                    "api1"
                },

                AlwaysIncludeUserClaimsInIdToken = true,

                RequireConsent = false,
            },

Startup.cs ConfigureServices中的Aspnet核心客户端应用配置

services.AddAuthentication(options =>
        {
            options.DefaultScheme = "Cookies";
            //options.DefaultChallengeScheme = "oidc";
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
            .AddCookie()
            .AddOpenIdConnect(options =>
            {
                options.Authority = "http://localhost:5000";
                options.RequireHttpsMetadata = false;

                options.ResponseType = "code id_token";
                options.Scope.Add("gekoo.webSPA");
                options.Scope.Add("offline_access");
                options.ClientId = "gekoo.webSPA";

                options.ClaimActions.Remove("auth_type");
                options.GetClaimsFromUserInfoEndpoint = true;
                options.SaveTokens = true;
            });

Angular客户端oidc配置:

const openIdImplicitFlowConfiguration = new OpenIDImplicitFlowConfiguration();
openIdImplicitFlowConfiguration.stsServer = authUrl;

openIdImplicitFlowConfiguration.redirect_url = originUrl + '/signin-oidc';
console.log('redirect_url=' + openIdImplicitFlowConfiguration.redirect_url);

openIdImplicitFlowConfiguration.client_id = 'gekoo.webSPA';
openIdImplicitFlowConfiguration.response_type = 'id_token token';
openIdImplicitFlowConfiguration.scope = 'openid profile api1';

openIdImplicitFlowConfiguration.post_logout_redirect_uri = originUrl + '/home';
console.log('post_logout_redirect_uri=' + openIdImplicitFlowConfiguration.post_logout_redirect_uri);

openIdImplicitFlowConfiguration.forbidden_route = '/forbidden';
openIdImplicitFlowConfiguration.unauthorized_route = '/unauthorized';
openIdImplicitFlowConfiguration.auto_userinfo = true;
openIdImplicitFlowConfiguration.log_console_warning_active = true;
openIdImplicitFlowConfiguration.log_console_debug_active = true;
openIdImplicitFlowConfiguration.max_id_token_iat_offset_allowed_in_seconds = 10;

const authWellKnownEndpoints = new AuthWellKnownEndpoints();
//authWellKnownEndpoints.setWellKnownEndpoints(
authWellKnownEndpoints.issuer = authUrl;

authWellKnownEndpoints.jwks_uri = authUrl + '/.well-known/openid-configuration/jwks';
authWellKnownEndpoints.authorization_endpoint = authUrl + '/connect/authorize';
authWellKnownEndpoints.token_endpoint = authUrl + '/connect/token';
authWellKnownEndpoints.userinfo_endpoint = authUrl + '/connect/userinfo';
authWellKnownEndpoints.end_session_endpoint = authUrl + '/connect/endsession';
authWellKnownEndpoints.check_session_iframe = authUrl + '/connect/checksession';
authWellKnownEndpoints.revocation_endpoint = authUrl + '/connect/revocation';
authWellKnownEndpoints.introspection_endpoint = authUrl + '/connect/introspect';
authWellKnownEndpoints.introspection_endpoint = authUrl + '/connect/introspect';

1 个答案:

答案 0 :(得分:1)

您混用了两种不同的方法:在"gekoo.webSPA"客户端中向"GrantTypes.Implicit"在IdSrv(和Angular)中注册,但还创建了另一个具有相同名称的(ASP.NET MVC)客户端应用, {1}}。因此,您的Angular应用触发了一个挑战,但是响应由ASP.Net后端处理,从而导致失败。实际上,您可以完全不使用任何MVC来托管Angular,或使用this QA作为参考。

相关问题
最新问题