IdentityServer4-405-连接/授权Ajax调用CORS错误

时间:2019-05-24 14:46:03

标签: cors identityserver4

我正在使用Identity Server4在带有刷新令牌的ASP .NET Core MVC客户端中进行oidc身份验证。

但是当到期时,我无法进行令牌更新。

该网络应用执行ajax调用。然后,让这种情况出现:用户使浏览器保持空闲状态,并且令牌过期。然后,他单击一个按钮,浏览器将对该Web应用程序执行ajax调用。由于令牌过期,用户收到以下错误(被CORS策略阻止):

  

无法加载资源:服务器响应状态为405(不允许使用方法)的客户:1   auth-test.mydomain.com/connect/authorize?client_id=openID.myappClient.client&redirect_uri=https%3A%2F%2Fmyapp.mydomain.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20api.mydomain.com% 20offline_access&response_mode = form_post&随机数= 636940350363269435.NDQ0NTU1MjQtMGI0Ni00MWU1LTg4NGItYzQ5NzQ1ZDMzZjNiN2VlOTM3MGMtM2EyNi00MzlkLThiODMtOWRlN2Y2MmIyOWRl&状态= CfDJ8G5_9qjj_BRInewMRqLDlrLZ2cKkku2SwjqPcivQrPWgUb4FL-EBXPZO5ORBhJcStmHi5WtEkGWsq8OqSTZV-xflxirFQ92r8MTIE75sZlKH8jrfRDGl_vGNV0WG8UxIcoszhkqkPl3GENQDLF_gBwYWiOpcdXnfgpaeILpeY04ywOw0TRDDEvXLzVUs0cY_YpfAHqmtrvJNEuH3q-WzekLP0HeU6h-G3GlyHvu3h24Rc8-H8X1MXf22dQc5vuQFgmMY7PD-dJOAUW-yTw65xkDzjPfaMS1rW7b7b_b_rQ2A9kSRMo_O7-f4vFD2q58pi-YFb7br_YbNPrg4JevIO-xNUkVfqe-3V4UFUM-8M-2NhjfAm8MtuayBHXsHonG_XXYUE2SQJAO4M8y3dQSi1x-2_27NRBrl8lXcoDOolNE5cFqKXf_ohpBHs2wqjdmdFA&X-客户SKU = ID_NETSTANDARD1_4&X-客户-VER = 5.2。 0.0:1

     

从原点“ https://auth-test.mydomain.com/connect/authorize?client_id=openID.myappClient.client&redirect_uri=https%3A%2F%2Fmyapp.mydomain.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20api.mydomain.com%20offline_access&response_mode=form_post&nonce=636940350363269435.NDQ0NTU1MjQtMGI0Ni00MWU1LTg4NGItYzQ5NzQ1ZDMzZjNiN2VlOTM3MGMtM2EyNi00MzlkLThiODMtOWRlN2Y2MmIyOWRl&state=CfDJ8G5_9qjj_BRInewMRqLDlrLZ2cKkku2SwjqPcivQrPWgUb4FL-EBXPZO5ORBhJcStmHi5WtEkGWsq8OqSTZV-xflxirFQ92r8MTIE75sZlKH8jrfRDGl_vGNV0WG8UxIcoszhkqkPl3GENQDLF_gBwYWiOpcdXnfgpaeILpeY04ywOw0TRDDEvXLzVUs0cY_YpfAHqmtrvJNEuH3q-WzekLP0HeU6h-G3GlyHvu3h24Rc8-H8X1MXf22dQc5vuQFgmMY7PD-dJOAUW-yTw65xkDzjPfaMS1rW7b7b_b_rQ2A9kSRMo_O7-f4vFD2q58pi-YFb7br_YbNPrg4JevIO-xNUkVfqe-3V4UFUM-8M-2NhjfAm8MtuayBHXsHonG_XXYUE2SQJAO4M8y3dQSi1x-2_27NRBrl8lXcoDOolNE5cFqKXf_ohpBHs2wqjdmdFA&x-client-SKU=ID_NETSTANDARD1_4&x-client-ver=5.2.0.0”对“ https://myapp.mydomain.com/api/customers/1”(从“ https://myapp.mydomain.com”重定向到XMLHttpRequest的访问已被CORS策略阻止:对预检请求的响应未通过访问控件检查:所请求的资源上没有“ Access-Control-Allow-Origin”标头。

我尝试在Identity Server 4中为https://*.mydomain.com启用CORS。但是我仍然有同样的错误。哪种方法可以处理令牌过期?

我的网络应用startup.cs:

                services.AddAuthentication(options =>
                {
                    options.DefaultScheme = "Cookies.Mvc";
                    options.DefaultChallengeScheme = "oidc";
                })
                .AddCookie("Cookies.Mvc")
                .AddOpenIdConnect("oidc", options =>
                {
                    options.SignInScheme = "Cookies.Mvc";
                    options.Authority = "xxx";
                    options.RequireHttpsMetadata = true;
                    options.ClientId = "xxx";
                    options.ClientSecret = "xxx",
                    options.SaveTokens = true;
                    options.GetClaimsFromUserInfoEndpoint = true;
                    options.ResponseType = "code id_token";
                    options.Scope.Add("api.com");
                    options.Scope.Add("offline_access");
                    options.UseTokenLifetime = false;
                });

谢谢!

0 个答案:

没有答案