IdentityServer4 (Azure) + SPA (local): stuck in an infinite redirect loop on login

Time: 2019-07-01 14:18:43

Tags: reactjs identityserver4 oidc oidc-client-js

Problem / steps to reproduce

  • I have an identity server deployed in Azure that is consumed by a local SPA client.
  • When logging in to the SPA, it redirects to the login page.
  • After a successful login it redirects me back to the SPA client and keeps requesting another set of tokens. Basically, this is the infinite loop I am talking about.
  • I have automaticRenewToken: true, so it silently refreshes the tokens in the background.
  • When I have both IdentityServer and the SPA client on my local machine, everything works perfectly.
  • But when the identity server is deployed in Azure and the SPA client runs on my local machine, that is the only time I hit this problem.
  • Both the identity server and the SPA client use https.

Minimal working example

My ProfileService

using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityModel;
using IdentityServer4.Models;
using IdentityServer4.Services;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Logging;

public class ProfileService : IProfileService
{
    private readonly UserManager<UserAccount> userManager;
    private readonly ILogger<ProfileService> logger;

    public ProfileService(UserManager<UserAccount> userManager, ILogger<ProfileService> logger)
    {
        this.userManager = userManager;
        this.logger = logger;
    }

    // Called when IdentityServer builds the claims for an id_token or a userinfo response.
    public async Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        var user = await userManager.GetUserAsync(context.Subject);

        var claims = new List<Claim>
        {
            new Claim(JwtClaimTypes.Email, user.Email),
            new Claim(JwtClaimTypes.EmailVerified, user.EmailConfirmed.ToString(), ClaimValueTypes.Boolean),
            // Yields a null entry when there is no phone number; filtered out below.
            !string.IsNullOrEmpty(user.PhoneNumber) ? new Claim(JwtClaimTypes.PhoneNumber, user.PhoneNumber) : null,
            new Claim(JwtClaimTypes.PhoneNumberVerified, user.PhoneNumberConfirmed.ToString(), ClaimValueTypes.Boolean),
        };

        context.IssuedClaims.AddRange(claims.Where(x => x != null));
    }

    // Called on authorize, token validation and userinfo requests
    // (context.Subject.Identity.AuthenticationType tells which one).
    // Setting IsActive = false makes IdentityServer treat the user as signed out.
    public async Task IsActiveAsync(IsActiveContext context)
    {
        logger.LogWarning("CHECKING IF ACTIVE");
        logger.LogWarning("Identity.Name - " + context.Subject.Identity?.Name);
        logger.LogWarning("Identity.AuthenticationType - " + context.Subject.Identity?.AuthenticationType);
        logger.LogWarning("Identity.IsAuthenticated - " + context.Subject.Identity?.IsAuthenticated.ToString());
        var user = await userManager.GetUserAsync(context.Subject);
        logger.LogWarning("CHECKING USER");
        logger.LogWarning($"Is user not null?  - {user != null}");
        logger.LogWarning(Newtonsoft.Json.JsonConvert.SerializeObject(user));
        context.IsActive = (user != null);
    }
}

Here is my oidc-client UserManager configuration

/* eslint-disable @typescript-eslint/camelcase */
import { createUserManager } from 'redux-oidc';
const authority = process.env.REACT_APP_AUTHORITY_SERVER_URL;
const settings = {
  // the user manager settings for oidc-client
  client_id: 'timekeeping.web.local',
  redirect_uri: `${window.location.protocol}//${window.location.hostname}:${window.location.port}/callback`,
  response_type: 'id_token token',
  scope: 'openid profile timekeeping.api accounts.api',
  authority,
  //post_logout_redirect_uri: `${window.location.protocol}//${window.location.hostname}:${window.location.port}/login`,
  silent_redirect_uri: `${window.location.protocol}//${window.location.hostname}:${window.location.port}/oidc/silent_renew.html`,
  automaticSilentRenew: true,
  filterProtocolClaims: true,
  loadUserInfo: true
};

const userManager = createUserManager(settings);
export default userManager;

Relevant part of the log file

This is the Kudu log

2019-07-01T13:49:14  Welcome, you are now connected to log-streaming service.
2019-07-01 23:49:16.723 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: CHECKING IF ACTIVE
2019-07-01 23:49:16.735 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Identity.Name - johndong
2019-07-01 23:49:16.735 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Identity.AuthenticationType - IdentityServer4
2019-07-01 23:49:16.735 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Identity.IsAuthenticated - True
2019-07-01 23:49:16.775 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: CHECKING USER
2019-07-01 23:49:16.775 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Is user not null?  - True
2019-07-01 23:49:16.797 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: {"Firstname":"John","Middlename":"","Lastname":"Dong","Photo":null,"Id":"a0a0f58e-526c-4e4d-98cb-f03130175d31","UserName":"johndong","NormalizedUserName":"JOHNDONG","Email":"johndong@mailinator.com","NormalizedEmail":"JOHNDONG@MAILINATOR.COM","EmailConfirmed":true,"PasswordHash":"AQAAAAEAACcQAAAAENOUmj3zbZr/p0gtsPBoynBFom8zKRd8fUPlePCBHW9S3yUzfpAzOquRjP+d1fjPHQ==","SecurityStamp":"A4GAQC5JK3FCKWJZFUFLN27QAQJGV5F2","ConcurrencyStamp":"6e4d597b-f9b8-45a3-a123-fab051b44357","PhoneNumber":null,"PhoneNumberConfirmed":false,"TwoFactorEnabled":false,"LockoutEnd":null,"LockoutEnabled":true,"AccessFailedCount":0}
2019-07-01 23:49:18.812 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: CHECKING IF ACTIVE
2019-07-01 23:49:18.812 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Identity.Name -
2019-07-01 23:49:18.812 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Identity.AuthenticationType - tokenvalidator
2019-07-01 23:49:18.812 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Identity.IsAuthenticated - True
2019-07-01 23:49:18.833 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: CHECKING USER
2019-07-01 23:49:18.833 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Is user not null?  - True
2019-07-01 23:49:18.833 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: {"Firstname":"John","Middlename":"","Lastname":"Dong","Photo":null,"Id":"a0a0f58e-526c-4e4d-98cb-f03130175d31","UserName":"johndong","NormalizedUserName":"JOHNDONG","Email":"johndong@mailinator.com","NormalizedEmail":"JOHNDONG@MAILINATOR.COM","EmailConfirmed":true,"PasswordHash":"AQAAAAEAACcQAAAAENOUmj3zbZr/p0gtsPBoynBFom8zKRd8fUPlePCBHW9S3yUzfpAzOquRjP+d1fjPHQ==","SecurityStamp":"A4GAQC5JK3FCKWJZFUFLN27QAQJGV5F2","ConcurrencyStamp":"6e4d597b-f9b8-45a3-a123-fab051b44357","PhoneNumber":null,"PhoneNumberConfirmed":false,"TwoFactorEnabled":false,"LockoutEnd":null,"LockoutEnabled":true,"AccessFailedCount":0}
2019-07-01 23:49:18.846 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: CHECKING IF ACTIVE
2019-07-01 23:49:18.846 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Identity.Name -
2019-07-01 23:49:18.846 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Identity.AuthenticationType - UserInfo
2019-07-01 23:49:18.846 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Identity.IsAuthenticated - True
2019-07-01 23:49:18.846 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: CHECKING USER
2019-07-01 23:49:18.846 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Is user not null?  - True
2019-07-01 23:49:18.846 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: {"Firstname":"John","Middlename":"","Lastname":"Dong","Photo":null,"Id":"a0a0f58e-526c-4e4d-98cb-f03130175d31","UserName":"johndong","NormalizedUserName":"JOHNDONG","Email":"johndong@mailinator.com","NormalizedEmail":"JOHNDONG@MAILINATOR.COM","EmailConfirmed":true,"PasswordHash":"AQAAAAEAACcQAAAAENOUmj3zbZr/p0gtsPBoynBFom8zKRd8fUPlePCBHW9S3yUzfpAzOquRjP+d1fjPHQ==","SecurityStamp":"A4GAQC5JK3FCKWJZFUFLN27QAQJGV5F2","ConcurrencyStamp":"6e4d597b-f9b8-45a3-a123-fab051b44357","PhoneNumber":null,"PhoneNumberConfirmed":false,"TwoFactorEnabled":false,"LockoutEnd":null,"LockoutEnabled":true,"AccessFailedCount":0}
2019-07-01 23:49:21.507 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: CHECKING IF ACTIVE
2019-07-01 23:49:21.507 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Identity.Name - johndong
2019-07-01 23:49:21.507 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Identity.AuthenticationType - IdentityServer4
2019-07-01 23:49:21.507 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Identity.IsAuthenticated - True
2019-07-01 23:49:21.510 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: CHECKING USER
2019-07-01 23:49:21.510 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Is user not null?  - True
2019-07-01 23:49:21.510 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: {"Firstname":"John","Middlename":"","Lastname":"Dong","Photo":null,"Id":"a0a0f58e-526c-4e4d-98cb-f03130175d31","UserName":"johndong","NormalizedUserName":"JOHNDONG","Email":"johndong@mailinator.com","NormalizedEmail":"JOHNDONG@MAILINATOR.COM","EmailConfirmed":true,"PasswordHash":"AQAAAAEAACcQAAAAENOUmj3zbZr/p0gtsPBoynBFom8zKRd8fUPlePCBHW9S3yUzfpAzOquRjP+d1fjPHQ==","SecurityStamp":"A4GAQC5JK3FCKWJZFUFLN27QAQJGV5F2","ConcurrencyStamp":"6e4d597b-f9b8-45a3-a123-fab051b44357","PhoneNumber":null,"PhoneNumberConfirmed":false,"TwoFactorEnabled":false,"LockoutEnd":null,"LockoutEnabled":true,"AccessFailedCount":0}
2019-07-01 23:49:22.684 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: CHECKING IF ACTIVE
2019-07-01 23:49:22.684 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Identity.Name -
2019-07-01 23:49:22.684 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Identity.AuthenticationType - tokenvalidator
2019-07-01 23:49:22.685 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Identity.IsAuthenticated - True
2019-07-01 23:49:22.693 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: CHECKING USER
2019-07-01 23:49:22.693 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Is user not null?  - True
2019-07-01 23:49:22.693 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: {"Firstname":"John","Middlename":"","Lastname":"Dong","Photo":null,"Id":"a0a0f58e-526c-4e4d-98cb-f03130175d31","UserName":"johndong","NormalizedUserName":"JOHNDONG","Email":"johndong@mailinator.com","NormalizedEmail":"JOHNDONG@MAILINATOR.COM","EmailConfirmed":true,"PasswordHash":"AQAAAAEAACcQAAAAENOUmj3zbZr/p0gtsPBoynBFom8zKRd8fUPlePCBHW9S3yUzfpAzOquRjP+d1fjPHQ==","SecurityStamp":"A4GAQC5JK3FCKWJZFUFLN27QAQJGV5F2","ConcurrencyStamp":"6e4d597b-f9b8-45a3-a123-fab051b44357","PhoneNumber":null,"PhoneNumberConfirmed":false,"TwoFactorEnabled":false,"LockoutEnd":null,"LockoutEnabled":true,"AccessFailedCount":0}
2019-07-01 23:49:22.694 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: CHECKING IF ACTIVE
2019-07-01 23:49:22.694 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Identity.Name -
2019-07-01 23:49:22.694 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Identity.AuthenticationType - UserInfo
2019-07-01 23:49:22.694 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Identity.IsAuthenticated - True
2019-07-01 23:49:22.694 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: CHECKING USER
2019-07-01 23:49:22.694 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Is user not null?  - True
2019-07-01 23:49:22.694 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: {"Firstname":"John","Middlename":"","Lastname":"Dong","Photo":null,"Id":"a0a0f58e-526c-4e4d-98cb-f03130175d31","UserName":"johndong","NormalizedUserName":"JOHNDONG","Email":"johndong@mailinator.com","NormalizedEmail":"JOHNDONG@MAILINATOR.COM","EmailConfirmed":true,"PasswordHash":"AQAAAAEAACcQAAAAENOUmj3zbZr/p0gtsPBoynBFom8zKRd8fUPlePCBHW9S3yUzfpAzOquRjP+d1fjPHQ==","SecurityStamp":"A4GAQC5JK3FCKWJZFUFLN27QAQJGV5F2","ConcurrencyStamp":"6e4d597b-f9b8-45a3-a123-fab051b44357","PhoneNumber":null,"PhoneNumberConfirmed":false,"TwoFactorEnabled":false,"LockoutEnd":null,"LockoutEnabled":true,"AccessFailedCount":0}

This is the network log I see when I run into the infinite loop.

Request URL: https://bizbox-accounts-dev.azurewebsites.net/connect/authorize?client_id=timekeeping.web.local&redirect_uri=https%3A%2F%2Flocalhost%3A3031%2Foidc%2Fsilent_renew.html&response_type=id_token&scope=openid&state=acd1d9d5980a491fb64df5df32c5ae6b&nonce=6b3295da819e4e9b928d5d93f2b2fa1d&prompt=none
Referrer Policy: no-referrer-when-downgrade
Provisional headers are shown
Referer: https://localhost:3031/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36
client_id: timekeeping.web.local
redirect_uri: https://localhost:3031/oidc/silent_renew.html
response_type: id_token
scope: openid
state: acd1d9d5980a491fb64df5df32c5ae6b
nonce: 6b3295da819e4e9b928d5d93f2b2fa1d
prompt: none
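As an added example (not code from the question, from redux-oidc or from oidc-client), a small guard around oidc-client's userLoaded event: it counts how many silent renews complete inside a short window, flags a loop like the one above and stops automatic renewal instead of letting prompt=none authorize requests repeat without bound; it also reports a token that already reads as expired on arrival, which points at clock skew between the issuer and the browser rather than a real expiry. It assumes oidc-client's events.addUserLoaded, events.addSilentRenewError and stopSilentRenew, and a User object whose expires_at is in epoch seconds.

```javascript
// Added example: silent-renew loop guard for an oidc-client UserManager.
// Assumptions (not from the question): events.addUserLoaded,
// events.addSilentRenewError and stopSilentRenew exist on the UserManager,
// and user.expires_at is seconds since the epoch (as in oidc-client's User).

function createRenewGuard({ windowMs = 10000, maxRenews = 3, now = Date.now } = {}) {
  const loads = []; // timestamps (ms) of recent userLoaded events

  return {
    // Call on every userLoaded event; returns a diagnosis for that load.
    onUserLoaded(user) {
      const t = now();
      loads.push(t);
      // Drop loads that fell out of the sliding window.
      while (loads.length && t - loads[0] > windowMs) loads.shift();

      // expires_at is epoch seconds; compare against the browser clock.
      const expiresInSec = user.expires_at - Math.floor(t / 1000);
      return {
        renewsInWindow: loads.length,
        loop: loads.length > maxRenews,
        // Already expired on arrival: issuer and browser clocks disagree.
        alreadyExpired: expiresInSec <= 0,
        expiresInSec,
      };
    },
  };
}

function attachRenewGuard(userManager, guard, log = console) {
  userManager.events.addUserLoaded((user) => {
    const d = guard.onUserLoaded(user);
    if (d.alreadyExpired) {
      log.warn(`token expired on arrival (expires_in=${d.expiresInSec}s); check clock skew`);
    }
    if (d.loop) {
      log.error(`silent renew loop: ${d.renewsInWindow} renews in window; stopping renewal`);
      userManager.stopSilentRenew();
    }
  });
  userManager.events.addSilentRenewError((err) => log.error('silent renew error', err));
}
```

In the app this would be called once after createUserManager(settings), e.g. attachRenewGuard(userManager, createRenewGuard()).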

0 answers:

No answers