OpenIDConnect code flow and Google

I am trying to authenticate against Google using OpenID Connect with the code flow.

I am sending an authorization request to Google, like this:

GET https://accounts.google.com/o/oauth2/v2/auth?
client_id=***.apps.googleusercontent.com&
redirect_uri=https%3a%2f%2flocalhost%3a44321%2fAccount%2fConfirmLogin&
response_mode=form_post&
response_type=code&
scope=openid+email+profile&
state=STUFF&
nonce=A_NONCE

Then I get back a GET response:

GET https://localhost:44321/Account/ConfirmLogin?state=STUFF&
code=Some letters&
authuser=0&
hd=my app domain&
session_state=HEX&
prompt=none 

According to the spec: http://openid.net/specs/openid-connect-core-1_0.html#AuthResponse

When using the Authorization Code Flow, the Authorization Response MUST return the parameters defined in Section 4.1.2 of OAuth 2.0 [RFC6749] by adding them as query parameters to the redirect_uri specified in the Authorization Request using the application/x-www-form-urlencoded format, unless a different Response Mode was specified.

From my reading of the spec, this means Google should return a POST to my server rather than a GET?

Support for the form_post response mode, defined in http://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html, is optional, and Google does not support it. The parameter is therefore ignored.
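
An added example, not part of the original question or answer: because form_post is optional, a client can check the provider's discovery metadata (`response_modes_supported`, from OpenID Connect Discovery 1.0) before requesting it, and accept the callback in either delivery while still verifying `state`. The function names are hypothetical, and the metadata and callback values are constructed samples, not Google's actual output.

```python
import hmac
from urllib.parse import parse_qs, urlsplit

# Per OpenID Connect Discovery 1.0, a provider that omits
# response_modes_supported is assumed to support only these two.
DEFAULT_MODES = ["query", "fragment"]

def choose_response_mode(metadata, preferred="form_post"):
    """Return `preferred` only if the provider advertises it, else 'query'."""
    modes = metadata.get("response_modes_supported", DEFAULT_MODES)
    return preferred if preferred in modes else "query"

def parse_auth_response(method, url, body, expected_state):
    """Extract the authorization code from a callback that arrives either as
    GET + query string (code flow default) or POST + form body (form_post).
    Raises ValueError on a malformed response or a state mismatch."""
    if method == "GET":
        raw = urlsplit(url).query
    elif method == "POST":
        raw = body
    else:
        raise ValueError("unexpected HTTP method")
    params = parse_qs(raw, keep_blank_values=True)

    def one(name):
        # Reject missing or repeated parameters instead of picking one.
        values = params.get(name, [])
        if len(values) != 1:
            raise ValueError(f"missing or repeated {name}")
        return values[0]

    if "error" in params:
        raise ValueError("authorization error: " + one("error"))
    # Constant-time comparison of the returned state with the stored one.
    if not hmac.compare_digest(one("state").encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    return one("code")

# Constructed sample inputs (assumptions for illustration only).
META_WITHOUT_FORM_POST = {"response_modes_supported": ["query", "fragment"]}
CALLBACK_URL = "https://localhost:44321/Account/ConfirmLogin"
GET_CALLBACK = CALLBACK_URL + "?state=STUFF&code=abc123&authuser=0&prompt=none"
POST_BODY = "state=STUFF&code=abc123"

if __name__ == "__main__":
    print(choose_response_mode(META_WITHOUT_FORM_POST))
    print(parse_auth_response("GET", GET_CALLBACK, "", "STUFF"))
```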