https://localhost:5000/connect/token 400错误请求标识服务器角9 OIDC客户端
https://localhost:5000/connect/token 400错误请求标识服务器角9 OIDC客户端
提问于 2020-05-10 10:50:55
我正在使用身份服务器4 Mongo和下面的配置
private static string apiScope = "IdentityPortal.API";
public static IEnumerable<Client> GetClients()
{
// client credentials client
return new List<Client>
{
new Client
{
ClientId = "Local",
//ClientName = "Local",
AllowedCorsOrigins = new List<string> { "http://localhost:4200","https://localhost:4200" },
AllowedGrantTypes = GrantTypes.Code,
AllowAccessTokensViaBrowser = true,
AccessTokenLifetime=86400,
RequireConsent = false,
UpdateAccessTokenClaimsOnRefresh = true,
RedirectUris = LocalRedirectUris(),
PostLogoutRedirectUris = LocalRedirectUris(),
AllowedScopes = AllowedScopes(),
AllowOfflineAccess = true,
ClientSecrets =
{
new Secret("secret".Sha256())
},
}
};
}
private static ICollection<string> AllowedScopes()
{
return new List<string>
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email,
apiScope
};
}角客户端
openID = {
authority: "https://localhost:5000",
client_id: "Local",
redirect_uri: "https://localhost:4200/auth-callback",
post_logout_redirect_uri: "https://localhost:4200",
response_type: "code",
scope : "openid profile email IdentityPortal.API",
silent_redirect_uri: `https://localhost:4200/assets/silent-callback.html`
};我能够从Identity Server返回到客户端,但是在面临问题的回调组件上
Error: invalid_client
at XMLHttpRequest.s.onload [as __zone_symbol__ON_PROPERTYload] (oidc-client.min.js:1)
at XMLHttpRequest.wrapFn (zone-evergreen.js:1218)
at ZoneDelegate.invokeTask (zone-evergreen.js:399)
at Object.onInvokeTask (core.js:41814)
at ZoneDelegate.invokeTask (zone-evergreen.js:398)
at Zone.runTask (zone-evergreen.js:167)
at ZoneTask.invokeTask [as invoke] (zone-evergreen.js:480)
at invokeTask (zone-evergreen.js:1621)
at XMLHttpRequest.globalZoneAwareCallback (zone-evergreen.js:1658)发生此错误的原因是
const user = await this.authService.completeAuthentication();
async completeAuthentication(): Promise<Oidc.User> {
let user = await new Promise<Oidc.User>((resolve, reject) => {
this.userManager.signinRedirectCallback().then(user => { resolve(user) }).catch(error => { reject(error); });
});
this.user = user;
return this.user;
}在铬控制台上
https://localhost:5000/connect/token ->400个错误请求
这是表单数据
回答 2
Stack Overflow用户
发布于 2020-05-18 03:14:37
我需要更改配置设置才能工作。
PKCE已经是本地应用程序和SPAs的官方推荐,随着ASP.NET核心3的发布,OpenID连接处理程序也默认支持。
来自身份服务器4文档
var client = new Client
{
ClientId = "...",
// set client secret for confidential clients
ClientSecret = { ... },
// ...or turn off for public clients
RequireClientSecret = false,
AllowedGrantTypes = GrantTypes.Code,
RequirePkce = true
};更新客户端配置
new Client
{
ClientId = "Local",
//ClientSecrets = new List<Secret> { secret },
ClientName = "Local",
AllowedCorsOrigins = new List<string> { "http://localhost:4200","https://localhost:4200" },
AllowedGrantTypes = GrantTypes.Code,
AllowAccessTokensViaBrowser = true,
AccessTokenLifetime=86400,
RequireConsent = false,
UpdateAccessTokenClaimsOnRefresh = true,
RedirectUris = LocalRedirectUris(),
PostLogoutRedirectUris = LocalRedirectUris(),
AllowedScopes = AllowedScopes(),
AllowOfflineAccess = true,
AccessTokenType = AccessTokenType.Jwt,
RequireClientSecret = false,
RequirePkce = true
}Stack Overflow用户
发布于 2020-05-10 12:45:23
您不能连接到身份服务器从角度应用程序与code grant_type!因此,您需要更改这一行:
AllowedGrantTypes = GrantTypes.Code,对此:
AllowedGrantTypes = GrantTypes.Implicit,ans还更改了这一行:
response_type: "code",对此:
response_type: "id_token token",希望这能行。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/61710772
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号