oauth2:“ userinfo端点缺少子声明” Microsost开放ID连接-OIDC CLient

时间:2020-01-11 01:06:16

标签: c# oauth-2.0 google-oauth identitymodel

我正在将Microsoft OidcClient用于Google帐户的oauth2.0,并且得到了

“用户信息端点缺少子声明”错误。”

任何人都可以建议我是否遗漏了什么或做错了什么。

public async Task Authorize ()
{
    InitializeComponent ();

    var providerInformation = new ProviderInformation
    {
        IssuerName = "accounts.google.com",
        AuthorizeEndpoint = "https://accounts.google.com/o/oauth2/auth",
        TokenEndpoint = "https://oauth2.googleapis.com/token",
        //UserInfoEndpoint = "https://openidconnect.googleapis.com/v1/userinfo",
        UserInfoEndpoint = "https://www.googleapis.com/oauth2/v3/tokeninfo", 
        KeySet = new JsonWebKeySet()
    };

    var scope = "https://www.googleapis.com/auth/fitness.blood_glucose.read https://www.googleapis.com/auth/fitness.body.read https://www.googleapis.com/auth/fitness.activity.read https://www.googleapis.com/auth/fitness.blood_pressure.read"; https://www.googleapis.com/auth/fitness.blood_glucose.read https://www.googleapis.com/auth/fitness.body.read https://www.googleapis.com/auth/fitness.activity.read https://www.googleapis.com/auth/fitness.blood_pressure.read"; 

    var options = new OidcClientOptions
    {
        Authority = "https://accounts.google.com/o/oauth2/auth",
        ClientId = "xyz",
        Scope = scope,
        RedirectUri = "com.abc.xyzt:/oauthredirect",
        Browser = browser,
        ProviderInformation = providerInformation,
        //ResponseMode = OidcClientOptions.AuthorizeResponseMode.Redirect,
        TokenClientCredentialStyle = IdentityModel.Client.ClientCredentialStyle.AuthorizationHeader
    };

    _client = new OidcClient(options);
    await _client.LoginAsync(new LoginRequest());
}

我得到了6种不同类型的声明,但是我没有得到图书馆正在寻找的JwtClaimTypes.Subject "sub"enter image description here

任何人都可以帮助或建议如何解决此问题?

1 个答案:

答案 0 :(得分:0)

我找到了解决方案。我提供了太多信息。而不是让库根据服务发现端点来确定。

public async Task Authorize ()
{
            var discovery = new DiscoveryPolicy
            {
                ValidateEndpoints = false,
                Authority = "https://accounts.google.com"
            };

            OidcClientOptions oidcClientOptions = new OidcClientOptions
            {
                Authority = "https://accounts.google.com",
                ClientId = "2345678",
                Scope = "https://www.googleapis.com/auth/fitness.body.read",
                RedirectUri = "com.abc.xyz",
                Browser = IoCRegistry.Locate<IBrowser>(),
                ResponseMode = OidcClientOptions.AuthorizeResponseMode.Redirect,
                Policy = new Policy
                {
                    Discovery = discovery,
                    RequireAccessTokenHash = false 
                }
            };

           var _client = new OidcClient(oidcClientOptions);
           var result = await _client.LoginAsync(new LoginRequest());
}
相关问题
最新问题