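Xamarin.forms authentication PKCE

Time: 2019-09-26 09:19:38

Tags: c# xamarin oauth identityserver4 pkce

I have an Identity Server 4 application which I am trying to log in to from a Xamarin.forms application using PKCE. I keep getting an error from the identity server which I have actually never seen before: code_challenge is missing. I am guessing that I am using the wrong grant type, but all of the documentation I have found for Xamarin says that I should be using this type.

How do I connect Xamarin to Identity Server 4?

Error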

fail: IdentityServer4.Validation.AuthorizeRequestValidator[0]
      code_challenge is missing
{
        "ClientId": "xamarin",
        "ClientName": "eShop Xamarin OpenId Client",
        "RedirectUri": "1046123799103-h63f9o1cnj78fo26okng1aacr9e89u2e:/oauth2redirect",
        "AllowedRedirectUris": [
          "http://localhost:5001/signin-oidc"
        ],
        "SubjectId": "anonymous",
        "ResponseType": "code",
        "ResponseMode": "query",
        "GrantType": "authorization_code",
        "RequestedScopes": "",
        "State": "egfczresvcjyeerw",
        "Raw": {
          "client_id": "xamarin",
          "redirect_uri": "1046123799103-h63f9o1cnj78fo26okng1aacr9e89u2e:/oauth2redirect",
          "scope": "profile openid nol_api navinfo",
          "response_type": "code",
          "state": "egfczresvcjyeerw"
        }
      }

Client ID in the identity server

    new Client
    {
        ClientId = "xamarin",
        ClientName = "eShop Xamarin OpenId Client",
        AllowedGrantTypes = GrantTypes.Code,

        RedirectUris = { "http://localhost:5001/signin-oidc" },
        RequireConsent = false,
        RequirePkce = true,
        PostLogoutRedirectUris = { "http://localhost:8008/Account/Redirecting" },
        AllowedScopes = new List<string>
        {
            IdentityServerConstants.StandardScopes.OpenId,
            IdentityServerConstants.StandardScopes.Profile,
            "navinfo",
            $"{nolConfig.Client}_api"
        },
        AllowOfflineAccess = true,
        AllowAccessTokensViaBrowser = true,
        RequireClientSecret = false
    }

Xamarin code

    Authenticator = new OAuth2Authenticator
    (
        _clientId,
        _secret,
        _scopes,
        new Uri(_discoveryDoc.AuthorizationEndpoint),
        _redirectUri,
        new Uri(_discoveryDoc.TokenEndpoint),
        null,
        isUsingNativeUI: true
    );

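If I remove RequirePkce = true from the client in the identity server, I no longer get the error in question. From what I have found, Xamarin.auth does not support PKCE yet. This means I either have to disable it or implement it myself.

How do I log in to Identity Server 4 from Xamarin Forms with PKCE enabled?

1 answer:

Answer 0 (score: 0)

It seems that PKCE in OAuth2Authenticator is enabled by the absence of a client secret: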

    protected bool IsProofKeyCodeForExchange
    {
        get
        {
            return
                accessTokenUrl != null                    // AccessToken url is defined
                &&
                string.IsNullOrWhiteSpace(clientSecret)   // Client Secret is not defined
                ;
        }
    }

So I would try

    Authenticator = new OAuth2Authenticator
    (
        _clientId,
        null,
        _scopes,
        new Uri(_discoveryDoc.AuthorizationEndpoint),
        _redirectUri,
        new Uri(_discoveryDoc.TokenEndpoint),
        null,
        isUsingNativeUI: true
    );
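
What the code_challenge is missing error asks the client to send, as an added example that is not part of the question or the answer and is not Xamarin.Auth code: the PKCE S256 parameters from RFC 7636, the authorization request that carries them, and the comparison the server makes when the code is redeemed. The class and method names are hypothetical, and the host, redirect URI and state value are constructed placeholders.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class PkceExample   // hypothetical name, added illustration
{
    // base64url without padding, as RFC 7636 requires.
    static string Base64Url(byte[] data) =>
        Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // 32 random bytes give a 43-character verifier (allowed length is 43 to 128).
    public static string NewVerifier()
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        return Base64Url(bytes);
    }

    // code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
    public static string Challenge(string verifier)
    {
        using (var sha = SHA256.Create())
            return Base64Url(sha.ComputeHash(Encoding.ASCII.GetBytes(verifier)));
    }

    // Token endpoint side: recompute from the presented code_verifier and compare.
    public static bool Verify(string verifier, string storedChallenge) =>
        string.Equals(Challenge(verifier), storedChallenge, StringComparison.Ordinal);

    // Authorization request including the two parameters missing from the logged request.
    public static string AuthorizeUrl(string endpoint, string clientId, string redirectUri,
                                      string scope, string state, string challenge) =>
        endpoint + "?client_id=" + Uri.EscapeDataString(clientId)
        + "&redirect_uri=" + Uri.EscapeDataString(redirectUri)
        + "&response_type=code&scope=" + Uri.EscapeDataString(scope)
        + "&state=" + Uri.EscapeDataString(state)
        + "&code_challenge=" + challenge + "&code_challenge_method=S256";

    static void Main()
    {
        // Known-answer check against the RFC 7636 Appendix B test vector.
        if (Challenge("dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk") != "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSdKSNXM")
            throw new InvalidOperationException("S256 transform is wrong");
        var verifier = NewVerifier();   // stays on the device until the token request
        Console.WriteLine(AuthorizeUrl("https://idsrv.example/connect/authorize", "xamarin",
            "com.example.app:/oauth2redirect", "openid profile", "constructed-state", Challenge(verifier)));
        Console.WriteLine(Verify(verifier, Challenge(verifier)));       // same verifier: accepted
        Console.WriteLine(Verify(NewVerifier(), Challenge(verifier)));  // different verifier: rejected
    }
}
```

In the real flow the same verifier is sent as code_verifier in the token request, which is why an authorization code intercepted on the custom-scheme redirect cannot be redeemed without it.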