Identity Server 3 - 客户端应用程序未知或未经授权
Identity Server 3 - The client application is not known or is not authorized
我在访问我网站的受保护区域时遇到错误 'The client application is not known or is not authorized.'。
这是我的客户:
public static class Clients
{
public static IEnumerable<Client> Get()
{
return new[]
{
new Client
{
Enabled = true,
ClientName = "Web Application",
ClientId = "webapplication",
Flow = Flows.AuthorizationCode,
ClientSecrets = new List<Secret>
{
new Secret("webappsecret".Sha256())
},
RedirectUris = new List<string>
{
UrlManager.WebApplication
},
PostLogoutRedirectUris = new List<string>
{
UrlManager.WebApplication
},
AllowedScopes = new List<string>
{
Constants.StandardScopes.OpenId,
Constants.StandardScopes.Profile,
Constants.StandardScopes.Email,
Constants.StandardScopes.Roles,
Constants.StandardScopes.OfflineAccess,
"read",
"write"
}
}
};
}
}
这是我的 Web 应用程序启动:
public class Startup
{
public void Configuration(IAppBuilder app)
{
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "Cookies"
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
Authority = UrlManager.AuthenticationService + "identity",
ClientId = "webapplication",
Scope = "openid profile",
ResponseType = "code id_token",
RedirectUri = UrlManager.WebApplication,
SignInAsAuthenticationType = "Cookies"
});
}
}
这是我的身份验证服务(安装了 IDS3)启动:
public class Startup
{
public void Configuration(IAppBuilder app)
{
app.Map("/identity", idsrvApp =>
{
idsrvApp.UseIdentityServer(new IdentityServerOptions
{
SiteName = "Authentication Service - Embedded IdentityServer",
SigningCertificate = Certificate.LoadCertificate(),
Factory = new IdentityServerServiceFactory()
.UseInMemoryUsers(Users.Get())
.UseInMemoryClients(Clients.Get())
.UseInMemoryScopes(Scopes.Get())
});
});
}
}
这是 UrlManager:
public static class UrlManager
{
public static string WebApplication
{
get { return "https://localhost:44381/"; }
}
public static string AuthenticationService
{
get { return "https://localhost:44329/"; }
}
}
这是我的家庭控制器:
public class HomeController : Controller
{
public ActionResult Index()
{
return View();
}
[Authorize]
public ActionResult Private()
{
return View((User as ClaimsPrincipal).Claims);
}
}
当我访问 Private 时,我看到一个 Identity Server 3 屏幕,显示错误消息 'The client application is not known or is not authorized.'。
我了解到这可能是由于重定向 URI 不匹配造成的,但据我所知我的是正确的。我不知道还有什么可以导致它。如果我将流程更改为隐式但我想实施 AuthorizationCode 流程,应用程序将完美运行。
文档似乎也没有说明这一点。
客户端配置了授权代码流
Flow = Flows.AuthorizationCode
但是启动时的响应类型设置为混合流。
ResponseType = "code id_token"
尝试将其更改为
ResponseType = "code" (or Change the Flow type to Hybrid)
下面是ResponseType和对应Flow的列表
我收到这个错误,问题出在 RedirectUri.
在授权服务器中是 http://localhost:56840/ and in the Web App was http://localhost:56840。
请注意 url.
末尾缺少的“/”
如果您的 ClientUri 域名与您的 ClientRedirectUri 域名不匹配,也会发生这种情况。
看到我遇到这个问题是因为缺少“www”。在客户端重定向 uri.
问题 - ClientRedirectUri 没有“www”。其中:
客户端URI:
https://www.mydomainname.co.uk
ClientRedirectUri:
https://mydomainname.co.uk/umbraco/surface/UmbracoIdentityAccount/ExternalLoginCallback
解决方案 - ClientRedirectUri 有“www”。在其中,就像 ClientUri 所做的那样:
客户端URI:
https://www.mydomainname.co.uk
ClientRedirectUri:
https://www.mydomainname.co.uk/umbraco/surface/UmbracoIdentityAccount/ExternalLoginCallback
我在访问我网站的受保护区域时遇到错误 'The client application is not known or is not authorized.'。
这是我的客户:
public static class Clients
{
public static IEnumerable<Client> Get()
{
return new[]
{
new Client
{
Enabled = true,
ClientName = "Web Application",
ClientId = "webapplication",
Flow = Flows.AuthorizationCode,
ClientSecrets = new List<Secret>
{
new Secret("webappsecret".Sha256())
},
RedirectUris = new List<string>
{
UrlManager.WebApplication
},
PostLogoutRedirectUris = new List<string>
{
UrlManager.WebApplication
},
AllowedScopes = new List<string>
{
Constants.StandardScopes.OpenId,
Constants.StandardScopes.Profile,
Constants.StandardScopes.Email,
Constants.StandardScopes.Roles,
Constants.StandardScopes.OfflineAccess,
"read",
"write"
}
}
};
}
}
这是我的 Web 应用程序启动:
public class Startup
{
public void Configuration(IAppBuilder app)
{
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "Cookies"
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
Authority = UrlManager.AuthenticationService + "identity",
ClientId = "webapplication",
Scope = "openid profile",
ResponseType = "code id_token",
RedirectUri = UrlManager.WebApplication,
SignInAsAuthenticationType = "Cookies"
});
}
}
这是我的身份验证服务(安装了 IDS3)启动:
public class Startup
{
public void Configuration(IAppBuilder app)
{
app.Map("/identity", idsrvApp =>
{
idsrvApp.UseIdentityServer(new IdentityServerOptions
{
SiteName = "Authentication Service - Embedded IdentityServer",
SigningCertificate = Certificate.LoadCertificate(),
Factory = new IdentityServerServiceFactory()
.UseInMemoryUsers(Users.Get())
.UseInMemoryClients(Clients.Get())
.UseInMemoryScopes(Scopes.Get())
});
});
}
}
这是 UrlManager:
public static class UrlManager
{
public static string WebApplication
{
get { return "https://localhost:44381/"; }
}
public static string AuthenticationService
{
get { return "https://localhost:44329/"; }
}
}
这是我的家庭控制器:
public class HomeController : Controller
{
public ActionResult Index()
{
return View();
}
[Authorize]
public ActionResult Private()
{
return View((User as ClaimsPrincipal).Claims);
}
}
当我访问 Private 时,我看到一个 Identity Server 3 屏幕,显示错误消息 'The client application is not known or is not authorized.'。
我了解到这可能是由于重定向 URI 不匹配造成的,但据我所知我的是正确的。我不知道还有什么可以导致它。如果我将流程更改为隐式但我想实施 AuthorizationCode 流程,应用程序将完美运行。
文档似乎也没有说明这一点。
客户端配置了授权代码流
Flow = Flows.AuthorizationCode
但是启动时的响应类型设置为混合流。
ResponseType = "code id_token"
尝试将其更改为
ResponseType = "code" (or Change the Flow type to Hybrid)
下面是ResponseType和对应Flow的列表
我收到这个错误,问题出在 RedirectUri. 在授权服务器中是 http://localhost:56840/ and in the Web App was http://localhost:56840。 请注意 url.
末尾缺少的“/”如果您的 ClientUri 域名与您的 ClientRedirectUri 域名不匹配,也会发生这种情况。
看到我遇到这个问题是因为缺少“www”。在客户端重定向 uri.
问题 - ClientRedirectUri 没有“www”。其中:
客户端URI: https://www.mydomainname.co.uk
ClientRedirectUri: https://mydomainname.co.uk/umbraco/surface/UmbracoIdentityAccount/ExternalLoginCallback
解决方案 - ClientRedirectUri 有“www”。在其中,就像 ClientUri 所做的那样:
客户端URI: https://www.mydomainname.co.uk
ClientRedirectUri: https://www.mydomainname.co.uk/umbraco/surface/UmbracoIdentityAccount/ExternalLoginCallback