OpenIddict + Steam 授权失败(jwt 承载)
OpenIddict + Steam authorization failed(jwt bearer)
我有一些烦恼。我将 Openiddict 与 AspNet.Security.OpenID.Steam 一起使用并收到了不记名令牌,(Guide) 但是当我发送请求时我看到了它
System.InvalidOperationException: An unknown error occurred while retrieving the OpenIddict validation context.
at OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
at Microsoft.AspNetCore.Authorization.Policy.PolicyEvaluator.AuthenticateAsync(AuthorizationPolicy policy, HttpContext context)
at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
services.AddAuthentication()
.AddCookie()
.AddSteam(options =>
{
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.ApplicationKey = configuration["Steam:ApiKey"];
});
services.AddOpenIddict()
.AddServer(options =>
{
options.AddDevelopmentEncryptionCertificate()
.AddDevelopmentSigningCertificate();
options.SetAuthorizationEndpointUris("/connect/authorize")
.SetTokenEndpointUris("/connect/token");
options.EnableDegradedMode();
options.UseAspNetCore();
options.AllowAuthorizationCodeFlow().AllowRefreshTokenFlow();
options.AddEventHandler<OpenIddictServerEvents.ValidateAuthorizationRequestContext>(builder =>
builder.UseInlineHandler(context =>
{
if (!string.Equals(context.RedirectUri, "https://localhost:5001",
StringComparison.Ordinal) &&
!string.Equals(context.RedirectUri, "http://localhost:4200", StringComparison.Ordinal))
{
context.Reject(
error: OpenIddictConstants.Errors.InvalidClient,
description:
"The specified 'redirect_uri' is not valid for this client application.");
return default;
}
return default;
}));
options.AddEventHandler<OpenIddictServerEvents.ValidateTokenRequestContext>(builder =>
builder.UseInlineHandler(context =>
{
if (!string.Equals(context.ClientId, "angular_client", StringComparison.Ordinal))
{
context.Reject(
error: OpenIddictConstants.Errors.InvalidClient,
description: "The specified 'client_id' doesn't match a registered application.");
return default;
}
return default;
}));
options.AddEventHandler<OpenIddictServerEvents.HandleAuthorizationRequestContext>(builder =>
builder.UseInlineHandler(async context =>
{
var request = context.Transaction.GetHttpRequest() ??
throw new InvalidOperationException(
"The ASP.NET Core request cannot be retrieved.");
var principal =
(await request.HttpContext.AuthenticateAsync(SteamAuthenticationDefaults
.AuthenticationScheme))?.Principal;
if (principal == null)
{
await request.HttpContext.ChallengeAsync(SteamAuthenticationDefaults
.AuthenticationScheme);
context.HandleRequest();
return;
}
var identity = new ClaimsIdentity(TokenValidationParameters.DefaultAuthenticationType);
identity.AddClaim(new Claim(OpenIddictConstants.Claims.Subject,
principal.GetClaim(ClaimTypes.NameIdentifier)));
foreach (var claim in identity.Claims)
{
claim.SetDestinations(OpenIddictConstants.Destinations.AccessToken);
}
context.Principal = new ClaimsPrincipal(identity);
}));
})
.AddValidation(options =>
{
options.UseLocalServer();
options.UseAspNetCore();
});
我的代码在github下面!
https://github.com/Excalib88/SteamGames/blob/master/SteamGames.Web/Extensions/ServiceCollectionExtensions.cs
拜托,你能帮帮我吗!我花了很多时间来修复它((
ASP.NET 核心身份验证和授权中间件的顺序不正确:app.UseAuthentication() 必须在 app.UseAuthorization() 之前调用。
我有一些烦恼。我将 Openiddict 与 AspNet.Security.OpenID.Steam 一起使用并收到了不记名令牌,(Guide) 但是当我发送请求时我看到了它
System.InvalidOperationException: An unknown error occurred while retrieving the OpenIddict validation context. at OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler.HandleAuthenticateAsync() at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync() at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme) at Microsoft.AspNetCore.Authorization.Policy.PolicyEvaluator.AuthenticateAsync(AuthorizationPolicy policy, HttpContext context) at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
services.AddAuthentication()
.AddCookie()
.AddSteam(options =>
{
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.ApplicationKey = configuration["Steam:ApiKey"];
});
services.AddOpenIddict()
.AddServer(options =>
{
options.AddDevelopmentEncryptionCertificate()
.AddDevelopmentSigningCertificate();
options.SetAuthorizationEndpointUris("/connect/authorize")
.SetTokenEndpointUris("/connect/token");
options.EnableDegradedMode();
options.UseAspNetCore();
options.AllowAuthorizationCodeFlow().AllowRefreshTokenFlow();
options.AddEventHandler<OpenIddictServerEvents.ValidateAuthorizationRequestContext>(builder =>
builder.UseInlineHandler(context =>
{
if (!string.Equals(context.RedirectUri, "https://localhost:5001",
StringComparison.Ordinal) &&
!string.Equals(context.RedirectUri, "http://localhost:4200", StringComparison.Ordinal))
{
context.Reject(
error: OpenIddictConstants.Errors.InvalidClient,
description:
"The specified 'redirect_uri' is not valid for this client application.");
return default;
}
return default;
}));
options.AddEventHandler<OpenIddictServerEvents.ValidateTokenRequestContext>(builder =>
builder.UseInlineHandler(context =>
{
if (!string.Equals(context.ClientId, "angular_client", StringComparison.Ordinal))
{
context.Reject(
error: OpenIddictConstants.Errors.InvalidClient,
description: "The specified 'client_id' doesn't match a registered application.");
return default;
}
return default;
}));
options.AddEventHandler<OpenIddictServerEvents.HandleAuthorizationRequestContext>(builder =>
builder.UseInlineHandler(async context =>
{
var request = context.Transaction.GetHttpRequest() ??
throw new InvalidOperationException(
"The ASP.NET Core request cannot be retrieved.");
var principal =
(await request.HttpContext.AuthenticateAsync(SteamAuthenticationDefaults
.AuthenticationScheme))?.Principal;
if (principal == null)
{
await request.HttpContext.ChallengeAsync(SteamAuthenticationDefaults
.AuthenticationScheme);
context.HandleRequest();
return;
}
var identity = new ClaimsIdentity(TokenValidationParameters.DefaultAuthenticationType);
identity.AddClaim(new Claim(OpenIddictConstants.Claims.Subject,
principal.GetClaim(ClaimTypes.NameIdentifier)));
foreach (var claim in identity.Claims)
{
claim.SetDestinations(OpenIddictConstants.Destinations.AccessToken);
}
context.Principal = new ClaimsPrincipal(identity);
}));
})
.AddValidation(options =>
{
options.UseLocalServer();
options.UseAspNetCore();
});
我的代码在github下面!
https://github.com/Excalib88/SteamGames/blob/master/SteamGames.Web/Extensions/ServiceCollectionExtensions.cs 拜托,你能帮帮我吗!我花了很多时间来修复它((
ASP.NET 核心身份验证和授权中间件的顺序不正确:app.UseAuthentication() 必须在 app.UseAuthorization() 之前调用。