问题描述
我已经使用 OpenIddict 为 ClientCredentials 配置了一个授权服务器,如下所示。
services.AddOpenIddict()
// Register the OpenIddict core components.
.AddCore(options =>
{
// Configure OpenIddict to use the Entity Framework Core stores and models.
// Note: call ReplaceDefaultEntities() to replace the default entities.
options.UseEntityFrameworkCore()
.UseDbContext<ApplicationDbContext>();
})
// Register the OpenIddict server components.
.AddServer(options =>
{
// Enable the token endpoint.
options.SetTokenEndpointUris("/connect/token");
// Enable the client credentials flow.
options.AllowClientCredentialsFlow();
// Register the signing and encryption credentials.
options.AddDevelopmentEncryptionCertificate()
.AddDevelopmentSigningCertificate();
// Register the ASP.NET Core host and configure the ASP.NET Core options.
options.UseAspNetCore()
.EnabletokenEndpointPassthrough();
options.disableAccesstokenEncryption();
})
// Register the OpenIddict validation components.
.AddValidation(options =>
{
// Import the configuration from the local OpenIddict server instance.
options.UseLocalServer();
// Register the ASP.NET Core host.
options.UseAspNetCore();
});
当 client_id 和 client_secret 在请求正文中时,我可以获得 access_token。 access token returned
[12:20:27 INF] HTTP POST /connect/token responded 400 in 377.3274 ms
[12:21:22 INF] The request address matched a server endpoint: Token.
[12:21:22 INF] The token request was successfully extracted: {
"grant_type": "client_credentials","client_id": "PVHP","client_secret": "[redacted]"
}.
但是当 client_id 和 client_secret 作为 Base64 编码的 client_id:client_secret 在 Basic Authorization 标头中发送时,它不起作用。在正文中指定了 grant_type=client_credentials。 error using basic auth
[12:21:23 WRN] Client authentication Failed for PVHP.
[12:21:23 ERR] The token request was rejected because the confidential application 'PVHP' didn't specify valid client credentials.
[12:21:23 INF] The response was successfully returned as a JSON document: {
"error": "invalid_client","error_description": "The specified client credentials are invalid.","error_uri": "https://documentation.openiddict.com/errors/ID2055"
}.
openid 配置文档似乎表明支持 client_secret_basic
[11:18:01 INF] The response was successfully returned as a JSON document: {
"issuer": "https://localhost:44371/","token_endpoint": "https://localhost:44371/connect/token","jwks_uri": "https://localhost:44371/.well-kNown/jwks","grant_types_supported": [
"client_credentials"
],"scopes_supported": [
"openid"
],"claims_supported": [
"aud","exp","iat","iss","sub"
],"id_token_signing_alg_values_supported": [
"RS256"
],"subject_types_supported": [
"public"
],"token_endpoint_auth_methods_supported": [
"client_secret_basic","client_secret_post"
],"claims_parameter_supported": false,"request_parameter_supported": false,"request_uri_parameter_supported": false
}.
我在设置服务器时是否遗漏了任何配置? 问候。
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)