我已经建立了一个运行IdentityServer4的应用程序。身份验证成功后,应用程序将成功重定向到SPA。但是,身份验证cookie尚未发布/设置。
...
if (user == null || !await _userManager.CheckPasswordAsync(user, command.Password))
return false;
var authProps = new AuthenticationProperties
{
ExpiresUtc = DateTimeOffset.UtcNow.AddHours(2),
AllowRefresh = true,
RedirectUri = command.ReturnUrl
};
await _httpContextAccessor.HttpContext.SignInAsync(user.Id, user.UserName, authProps);
...
我可以在调试过程中访问HttpContext,并看到身份验证请求包含三个cookie。它们是idsrv.session,.AspNetCore.Identity.Application和.AspNetCore.Antiforgery.DDqAOdu0VYk。
但是,在上面的代码中运行SignInAsync之后,我可以在HttpContext中看到未设置cookie idsvr。该应用程序不使用cookie重定向到SPA。那不是应该设置包含响应令牌的cookie吗?
我具有以下配置:
客户端配置:
new Client
{
ClientId = "client",
ClientName = "React Client",
AllowedGrantTypes = GrantTypes.Code,
RequirePkce = true,
RequireClientSecret = false,
RedirectUris = { "http://localhost:9000" },
PostLogoutRedirectUris = { "http://localhost" },
AllowedCorsOrigins = { "http://localhost:9000" },
AllowedScopes = {
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email,
"clientService"
},
}
身份验证设置:
services.AddAuthentication()
.AddOpenIdConnect("oidc", "OpenID Connect", options =>
{
options.SignInScheme = IdentityServerConstants.DefaultCookieAuthenticationScheme;
options.SignOutScheme = IdentityServerConstants.SignoutScheme;
options.RequireHttpsMetadata = false;
options.SaveTokens = true;
options.Authority = "http://localhost";
options.ClientId = "implicit";
});
为什么未设置cookie?