我正在设置身份服务器以从转发IP的临时端口获得访问权限。当我在本地运行所有内容时,登录工作正常,但是当我开始使用公共IP时,该登录表明我的client_id丢失或太长。
首先,我收到一个错误,它无法访问本地http请求。这是因为端点未使用正确的重定向URI。我通过更改身份服务器的公开来源来更改了此设置。
之后,我可以进入登录页面并尝试登录以获取错误
对不起,出现错误:invalid_request 无效的client_id
我检查了客户ID,但这是正确的。 在控制台中,我得到
fail: IdentityServer4.Validation.AuthorizeRequestValidator[0]
client_id is missing or too long
{
"SubjectId": "anonymous",
"RequestedScopes": "",
"Raw": {
"ReturnUrl": "/connect/authorize/callback?client_id=pokemon_code&redirect_uri=http%3A%2F%2Fbackendpokemonsite.azurewebsites.net%2Fsignin-oidc&response_type=id_token%20code&scope=openid%20profile%20pokemon%20role%20offline_access%20email&response_mode=form_post&nonce=636932445888919509.YTM5OTBlNDMtNWJkNC00MTJiLWI3YjAtNTIzMzY0ZmNkOGEyNzNlMjVhZjQtZGJhNC00MDk2LWIxYjItY2MwNWFmYTczNmU0&state=CfDJ8IxZ9MXLdlhLon2k58KSiTd3i19Dt1TM93X6-L-_SyUK_xpG5zn90n4y9RtMGlieCkdOPPnAg2VXrLoy1EXTZgGlLmsd7EIqORzq37XbF6Zj23rr7_shXOQcLY87Dywalv4VrRj6HKqUnNFGUE8cCKSXc6uiH0LDBTDPqAuU2QWWRJf-a07TAZw2YdbvanEbueXDKAL9ty57_O2pY1rS5_7ViiVVu_GP3ct8ytW6wY8_BBArqQZW7BspbQV5YzDfseVcSnh1dIRPXZTSvUyHWMvBIQTYb_xhctLoOpdzQC41XMCjP9lpkTBm2Vwv-izxlDWbT58DnVwNKnYTYUn0nhA",
"Username": "username",
"Password": "password",
"button": "login",
"__RequestVerificationToken": "CfDJ8N6qinc1TjFHrjbGhp-Exm0qSNXoKKJC77ipFBHfZWz2ukCowIEjgzRUy3ZRex2SEVLByyYCDoOfjxR-JUfdBj6IDUZAI5EHcFklOPLssWob-yJrrCio3VyrClZnlYkHSif3-yDvU0w-2GDs6S2lIKM",
"RememberLogin": "false"
}
}
fail: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
Request validation failed
我的身份服务器上的onconfigure服务,在那里我将端点位置更改为公共IP:
services.AddIdentityServer(options=> options.PublicOrigin= "http://public-endpoint")
.AddSigningCredential(new X509Certificate2(AppDomain.CurrentDomain.BaseDirectory + "Configuration/pokemon.pfx","secretpassword")) .AddResourceOwnerValidator<ResourceOwnerPasswordValidator>()
.AddConfigurationStore(options => options.ConfigureDbContext = builder => builder.UseSqlServer(Configuration.GetConnectionString("DefaultConnection"), dboptions => dboptions.MigrationsAssembly(assembly)))
.AddOperationalStore(options => options.ConfigureDbContext = builder => builder.UseSqlServer(Configuration.GetConnectionString("DefaultConnection"), dboptions => dboptions.MigrationsAssembly(assembly)))
.AddAspNetIdentity<IdentityUser>();
这是我的Web项目的onconfigure:
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
services.AddAuthentication(options=> {
options.DefaultScheme = "Cookies";
options.DefaultChallengeScheme = "oidc";
}).AddCookie("Cookies").AddOpenIdConnect("oidc",openid=> {
openid.SignInScheme = "Cookies";
openid.AuthenticationMethod = Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectRedirectBehavior.FormPost;
openid.Authority = "http://public-endpoint/";
openid.RequireHttpsMetadata = false;
openid.ClaimActions.Add(new RoleClaimAction());
openid.ClientId = "pokemon_code";
openid.ClientSecret = "secret";
openid.ResponseType = "id_token code";
openid.Scope.Add("pokemon");
openid.Scope.Add("role");
openid.Scope.Add("offline_access");
openid.Scope.Add("email");
openid.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
{
RoleClaimType = "role",
NameClaimType="role"
};
openid.GetClaimsFromUserInfoEndpoint = true;
openid.SaveTokens = true;
});
我希望网站登录要求获得使用帐户详细信息的许可。但是现在我得到了错误: “很抱歉,出现错误:invalid_request 无效的client_id”。 我是身份服务器的新手,所以我错过了什么吗?