我正在尝试使用"oidc-client": "1.10.1"
使Identity Server 4在具有Angular 8 SPA的ASP Net Core 3应用程序中工作。
如果我将以下内容添加到我的appsettings.json
"IdentityServer": {
"Key": {
"Type": "File",
"FilePath": "acertificate.pfx",
"Password": "notmyrealpassword..orisit?"
},
"Clients": {
"dev-client": {
"Profile": "IdentityServerSPA",
}
}
}
使用此客户端:
{
authority: 'https://localhost:5001/',
client_id: 'dev-client',
redirect_uri: 'http://localhost:4200/auth-callback',
post_logout_redirect_uri: 'http://localhost:4200/',
response_type: 'id_token token',
scope: 'openid profile API',
filterProtocolClaims: true,
loadUserInfo: true
}
我得到:Invalid redirect_uri: http://localhost:4200/auth-callback
添加。
"dev-client": {
"Profile": "IdentityServerSPA",
"RedirectUris": [ "http://localhost:4200/auth-callback" ]
}
什么都不做。如果我添加从文档中复制(几乎)复制的客户端配置
"Clients": [
{
"Enabled": true,
"ClientId": "dev-client",
"ClientName": "Local Development",
"AllowedGrantTypes": [ "implicit" ],
"AllowedScopes": [ "openid", "profile", "API" ],
"RedirectUris": [ "http://localhost:4200/auth-callback" ],
"RequireConsent": false,
"RequireClientSecret": false
}
]
我在启动时得到System.InvalidOperationException: 'Type '' is not supported.'
如果我尝试在代码中配置客户端,并且仅将“ Key”部分保留在appsettings中
services
.AddIdentityServer(options =>
{
options.Cors.CorsPolicyName = _CorsPolicyName;
})
.AddInMemoryClients(new IdentityServer4.Models.Client[] {
new IdentityServer4.Models.Client
{
ClientId = "dev-client",
ClientName = "JavaScript Client",
ClientUri = "http://localhost:4200",
AllowedGrantTypes = { IdentityModel.OidcConstants.GrantTypes.Implicit },
AllowAccessTokensViaBrowser = true,
RedirectUris = { "http://localhost:4200/auth-callback" },
PostLogoutRedirectUris = { "http://localhost:4200" },
AllowedCorsOrigins = { "http://localhost:4200" },
AllowedScopes =
{
IdentityServer4.IdentityServerConstants.StandardScopes.OpenId,
IdentityServer4.IdentityServerConstants.StandardScopes.Profile,
IdentityServer4.IdentityServerConstants.StandardScopes.Email,
"API"
}
}
})
我得到:Unknown client or not enabled: dev-client
。
有人帮助我保持理智,指出我(很可能是显而易见的)错误。
答案 0 :(得分:2)
ASP.NET Identity覆盖记录的IdentityServer Clients配置方法,期望使用dictionary of well-known values。您可以通过创建非名为Clients
的部分并明确读取该部分来绕过此操作。此外,AddApiAuthorization
在ApiAuthorizationOptions上公开Clients集合,可用于添加其他客户端:
.AddApiAuthorization<...>(options =>
{
options.Clients.AddRange(Configuration.GetSection("IdentityServer:OtherClients").Get<Client[]>());
});