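I ran into a problem setting up IdentityServer4 to authorize a WPF client - I have previously used it successfully with a .NET Core website (eventually). Like the .NET Core website, I am using "Hybrid", but the WPF application crashes when the website returns a grant type of "authorization_code". Here is a log excerpt: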
SELECT [c0].[Id], [c0].[ClientId], [c0].[RedirectUri]
FROM (
SELECT TOP(@__p_1) [c].[Id], [c].[AbsoluteRefreshTokenLifetime], [c].[AccessTokenLifetime], [c].[AccessTokenType], [c].[AllowAccessTokensViaBrowser], [c].[AllowOfflineAccess], [c].[AllowPlainTextPkce], [c].[AllowRememberConsent], [c].[AlwaysIncludeUserClaimsInIdToken], [c].[AlwaysSendClientClaims], [c].[AuthorizationCodeLifetime], [c].[BackChannelLogoutSessionRequired], [c].[BackChannelLogoutUri], [c].[ClientClaimsPrefix], [c].[ClientId], [c].[ClientName], [c].[ClientUri], [c].[ConsentLifetime], [c].[Created], [c].[Description], [c].[DeviceCodeLifetime], [c].[EnableLocalLogin], [c].[Enabled], [c].[FrontChannelLogoutSessionRequired], [c].[FrontChannelLogoutUri], [c].[IdentityTokenLifetime], [c].[IncludeJwtId], [c].[LastAccessed], [c].[LogoUri], [c].[NonEditable], [c].[PairWiseSubjectSalt], [c].[ProtocolType], [c].[RefreshTokenExpiration], [c].[RefreshTokenUsage], [c].[RequireClientSecret], [c].[RequireConsent], [c].[RequirePkce], [c].[SlidingRefreshTokenLifetime], [c].[UpdateAccessTokenClaimsOnRefresh], [c].[Updated], [c].[UserCodeType], [c].[UserSsoLifetime]
FROM [Clients] AS [c]
WHERE [c].[ClientId] = @__clientId_0
) AS [t]
INNER JOIN [ClientRedirectUris] AS [c0] ON [t].[Id] = [c0].[ClientId]
dbug: IdentityServer4.EntityFramework.Stores.ClientStore[0]
VTConsole found in database: True
dbug: IdentityServer4.Stores.ValidatingClientStore[0]
client configuration validation for client VTConsole succeeded.
dbug: IdentityServer4.Validation.AuthorizeRequestValidator[0]
Checking for PKCE parameters
fail: IdentityServer4.Validation.AuthorizeRequestValidator[0]
Invalid grant type for client: authorization_code
{
"ClientId": "VTConsole",
"ClientName": "VTConsole Client",
"RedirectUri": "http://localhost/VT_ConsoleCore",
"AllowedRedirectUris": [
"http://localhost/VT_ConsoleCore"
],
"SubjectId": "anonymous",
"ResponseType": "code",
"ResponseMode": "query",
"GrantType": "authorization_code",
"RequestedScopes": "",
"State": "pW44DAo0a5FM6jjnYCMaGQ",
"Raw": {
"response_type": "code",
"nonce": "uddkyT-k7lbKpLfFArzmiw",
"state": "pW44DAo0a5FM6jjnYCMaGQ",
"code_challenge": "X-rkJyBEUWcS7_hrpVzsKQP5C-lC_Sd1Yll_xu195tA",
"code_challenge_method": "S256",
"client_id": "VTConsole",
"scope": "LDH001 offline_access CMDS ",
"redirect_uri": "http://localhost/VT_ConsoleCore"
}
}
fail: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
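The query logged here returns client_id 7 and the redirect URI http://localhost/VT_ConsoleCore - both as expected.
The entry in ClientGrantTypes for ID 7 is hybrid.
ClientScopes has entries for LDH001, offline_access and CMDS; LDH001 is new, but it exists in APIScopes and APIResources.
This is how I call IdentityServer4 from the WPF code-behind: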
// Client-side OIDC settings; authority and client id come from application config.
var options = new OidcClientOptions
{
    Authority = this.config.p_Authority,
    ClientId = this.config.p_ClientId,
    RedirectUri = "http://localhost/VT_ConsoleCore",
    Browser = new WpfEmbeddedBrowser()
};
// Append each configured scope, separated by spaces.
foreach (CScopeMasterBase scope in this.scopes)
{
    options.Scope += $"{scope.p_AddScopeFor} ";
}
_oidcClient = new OidcClient(options);
Answer 0 (score: 0)
It turned out that the options needed the following additional entry:
Flow = OidcClientOptions.AuthenticationFlow.Hybrid,
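The mismatch behind the "Invalid grant type for client" line can be reproduced offline. The following is an added example, not code from the question, the answer or IdentityServer4: it models the check with the standard OAuth 2.0 / OpenID Connect response_type-to-grant mapping and runs it over the "Raw" request block from the log. The names `diagnose`, `normalize`, `LOGGED_RAW` and `ALLOWED` are hypothetical.

```python
import json

# Standard OAuth 2.0 / OpenID Connect mapping of response_type to grant type
# (a model of the server-side check, not IdentityServer4's own code).
RESPONSE_TYPE_TO_GRANT = {
    "code": "authorization_code",
    "token": "implicit",
    "id_token": "implicit",
    "id_token token": "implicit",
    "code id_token": "hybrid",
    "code token": "hybrid",
    "code id_token token": "hybrid",
}

def normalize(response_type):
    """The order of the space-separated response_type values is not significant."""
    return " ".join(sorted(response_type.split()))

def diagnose(raw_params, allowed_grant_types):
    """Return (accepted, message) for one authorize request against a client's allowed grants."""
    rt = normalize(raw_params.get("response_type", ""))
    grant = RESPONSE_TYPE_TO_GRANT.get(rt)
    if grant is None:
        return False, f"unsupported response_type {rt!r}"
    if grant in allowed_grant_types:
        return True, f"{rt!r} maps to {grant}, which the client allows"
    usable = sorted(r for r, g in RESPONSE_TYPE_TO_GRANT.items() if g in allowed_grant_types)
    return False, (f"{rt!r} maps to {grant}, but the client allows only "
                   f"{sorted(allowed_grant_types)}; accepted response_type values: {usable}")

# "Raw" block of the failing request, copied from the log in the question.
LOGGED_RAW = json.loads("""{
  "response_type": "code",
  "nonce": "uddkyT-k7lbKpLfFArzmiw",
  "state": "pW44DAo0a5FM6jjnYCMaGQ",
  "code_challenge": "X-rkJyBEUWcS7_hrpVzsKQP5C-lC_Sd1Yll_xu195tA",
  "code_challenge_method": "S256",
  "client_id": "VTConsole",
  "scope": "LDH001 offline_access CMDS ",
  "redirect_uri": "http://localhost/VT_ConsoleCore"
}""")

# ClientGrantTypes entry for the client, as the question describes it.
ALLOWED = {"hybrid"}

if __name__ == "__main__":
    print(diagnose(LOGGED_RAW, ALLOWED))
    print(diagnose({**LOGGED_RAW, "response_type": "id_token code"}, ALLOWED))
```

The same function shows the other consistent pairing: a client whose allowed grant types contain authorization_code accepts the logged request unchanged.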