将 Xamarin 客户端连接到 Identity Server4
Connecting Xamarin client to Identity Server4
我正在尝试将本机移动应用程序 (xamarin) 连接到身份服务器。我最初将流程设置为隐式,但有人告诉我这是不正确的。因此我更改了它的授权码流程。
这是我的客户端定义的样子
new Client
{
ClientId = "Xamarin",
ClientName = "Xamarin Client",
AllowedGrantTypes = GrantTypes.Code,
AllowAccessTokensViaBrowser = true,
RedirectUris = { "http://xx.xx.xx.xx/signin-oidc" },
PostLogoutRedirectUris = { "http://xx.xx.xx.xx/signin-oidc" },
AllowedCorsOrigins = { "http://xx.xx.xx.xx" },
AllowedScopes =
{
StandardScopes.OpenId.Name,
StandardScopes.Profile.Name,
"api1"
},
RequireConsent = false
}
从我的 xamarin 应用程序,这就是我连接到身份服务器的方式。
void LoginButton_Clicked(object sender, EventArgs e)
{
StartFlow("token", "api1");
}
public void StartFlow(string responseType, string scope)
{
var authorizeRequest =
new AuthorizeRequest("http://xx.xx.xx.xx/connect/authorize");
var dic = new Dictionary<string, string>();
dic.Add("client_id", "Xamarin");
dic.Add("response_type", responseType);
dic.Add("scope", scope);
dic.Add("redirect_uri", "http://xx.xx.xx.xx/signin-oidc");
dic.Add("nonce", Guid.NewGuid().ToString("N"));
_currentCSRFToken = Guid.NewGuid().ToString("N");
dic.Add("state", _currentCSRFToken);
var authorizeUri = authorizeRequest.Create(dic);
webLogin.Source = authorizeUri;
webLogin.IsVisible = true;
}
我在移动应用程序中收到错误 "unauthorized_client",并且在我的服务器日志中显示:
fail: IdentityServer4.Validation.AuthorizeRequestValidator[0]
Invalid grant type for client: implicit
{
"ClientId": "Xamarin",
"ClientName": "Xamarin Client",
"RedirectUri": "http://xx.xx.xx.xx/signin-oidc",
"AllowedRedirectUris": [
"http://xx.xx.xx.xx/signin-oidc"
],
"SubjectId": "anonymous",
"ResponseType": "token",
"ResponseMode": "fragment",
"GrantType": "implicit",
"RequestedScopes": "",
"State": "5c53c5e5bbe44c0f8c5d4b401df0938e",
"Raw": {
"client_id": "Xamarin",
"response_type": "token",
"scope": "api1",
"redirect_uri": "http://xx.xx.xx.xx/signin-oidc",
"nonce": "49f21e8873d744bea76f6f00ebae3eb4",
"state": "5c53c5e5bbe44c0f8c5d4b401df0938e"
}
}
fail: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
Request validation failed
info: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
{
"ClientId": "Xamarin",
"ClientName": "Xamarin Client",
"RedirectUri": "http://xx.xx.xx.xx/signin-oidc",
"AllowedRedirectUris": [
"http://xx.xx.xx.xx/signin-oidc"
],
"SubjectId": "anonymous",
"ResponseType": "token",
"ResponseMode": "fragment",
"GrantType": "implicit",
"RequestedScopes": "",
"State": "5c53c5e5bbe44c0f8c5d4b401df0938e",
"Raw": {
"client_id": "Xamarin",
"response_type": "token",
"scope": "api1",
"redirect_uri": "http://xx.xx.xx.xx/signin-oidc",
"nonce": "49f21e8873d744bea76f6f00ebae3eb4",
"state": "5c53c5e5bbe44c0f8c5d4b401df0938e"
}
}
但是如果您检查我的代码,我没有针对此客户端类型的隐式流程。我已经仔细检查了我的数据库以确保它是 authorization_code。如果有人能帮我解决这个问题,我将不胜感激。
目前看来 idsrv4 不支持 code、code token 或 code id_token token,因为 response_type - 仅支持 code id_token。至少当前的演示站点在尝试测试客户端和使用 server.code 客户端的 /authorize 请求时失败。
我发现与授权代码相关的唯一工作客户端是混合设置(code id_token / server.hybrid):
https://demo.identityserver.io/connect/authorize?
client_id=server.hybrid&
response_type=code id_token&
response_mode=fragment&
redirect_uri=https://notused&
scope=openid api&
state=1&
nonce=2
不确定为什么会这样,因为它已经在发现文档的 supported_response_types 列表中。也许Dominic/Brock可以填写
"response_types_supported": [
"code",
"token",
"id_token",
"id_token token",
"code id_token",
"code token",
"code id_token token"
],
非工作代码流授权请求(unsupported_response_type):
https://demo.identityserver.io/connect/authorize?
client_id=server.code&
response_type=code&
response_mode=fragment&
redirect_uri=https://notused&
scope=openid api&
state=1&
nonce=2
我正在尝试将本机移动应用程序 (xamarin) 连接到身份服务器。我最初将流程设置为隐式,但有人告诉我这是不正确的。因此我更改了它的授权码流程。
这是我的客户端定义的样子
new Client
{
ClientId = "Xamarin",
ClientName = "Xamarin Client",
AllowedGrantTypes = GrantTypes.Code,
AllowAccessTokensViaBrowser = true,
RedirectUris = { "http://xx.xx.xx.xx/signin-oidc" },
PostLogoutRedirectUris = { "http://xx.xx.xx.xx/signin-oidc" },
AllowedCorsOrigins = { "http://xx.xx.xx.xx" },
AllowedScopes =
{
StandardScopes.OpenId.Name,
StandardScopes.Profile.Name,
"api1"
},
RequireConsent = false
}
从我的 xamarin 应用程序,这就是我连接到身份服务器的方式。
void LoginButton_Clicked(object sender, EventArgs e)
{
StartFlow("token", "api1");
}
public void StartFlow(string responseType, string scope)
{
var authorizeRequest =
new AuthorizeRequest("http://xx.xx.xx.xx/connect/authorize");
var dic = new Dictionary<string, string>();
dic.Add("client_id", "Xamarin");
dic.Add("response_type", responseType);
dic.Add("scope", scope);
dic.Add("redirect_uri", "http://xx.xx.xx.xx/signin-oidc");
dic.Add("nonce", Guid.NewGuid().ToString("N"));
_currentCSRFToken = Guid.NewGuid().ToString("N");
dic.Add("state", _currentCSRFToken);
var authorizeUri = authorizeRequest.Create(dic);
webLogin.Source = authorizeUri;
webLogin.IsVisible = true;
}
我在移动应用程序中收到错误 "unauthorized_client",并且在我的服务器日志中显示:
fail: IdentityServer4.Validation.AuthorizeRequestValidator[0]
Invalid grant type for client: implicit
{
"ClientId": "Xamarin",
"ClientName": "Xamarin Client",
"RedirectUri": "http://xx.xx.xx.xx/signin-oidc",
"AllowedRedirectUris": [
"http://xx.xx.xx.xx/signin-oidc"
],
"SubjectId": "anonymous",
"ResponseType": "token",
"ResponseMode": "fragment",
"GrantType": "implicit",
"RequestedScopes": "",
"State": "5c53c5e5bbe44c0f8c5d4b401df0938e",
"Raw": {
"client_id": "Xamarin",
"response_type": "token",
"scope": "api1",
"redirect_uri": "http://xx.xx.xx.xx/signin-oidc",
"nonce": "49f21e8873d744bea76f6f00ebae3eb4",
"state": "5c53c5e5bbe44c0f8c5d4b401df0938e"
}
}
fail: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
Request validation failed
info: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
{
"ClientId": "Xamarin",
"ClientName": "Xamarin Client",
"RedirectUri": "http://xx.xx.xx.xx/signin-oidc",
"AllowedRedirectUris": [
"http://xx.xx.xx.xx/signin-oidc"
],
"SubjectId": "anonymous",
"ResponseType": "token",
"ResponseMode": "fragment",
"GrantType": "implicit",
"RequestedScopes": "",
"State": "5c53c5e5bbe44c0f8c5d4b401df0938e",
"Raw": {
"client_id": "Xamarin",
"response_type": "token",
"scope": "api1",
"redirect_uri": "http://xx.xx.xx.xx/signin-oidc",
"nonce": "49f21e8873d744bea76f6f00ebae3eb4",
"state": "5c53c5e5bbe44c0f8c5d4b401df0938e"
}
}
但是如果您检查我的代码,我没有针对此客户端类型的隐式流程。我已经仔细检查了我的数据库以确保它是 authorization_code。如果有人能帮我解决这个问题,我将不胜感激。
目前看来 idsrv4 不支持 code、code token 或 code id_token token,因为 response_type - 仅支持 code id_token。至少当前的演示站点在尝试测试客户端和使用 server.code 客户端的 /authorize 请求时失败。
我发现与授权代码相关的唯一工作客户端是混合设置(code id_token / server.hybrid):
https://demo.identityserver.io/connect/authorize?
client_id=server.hybrid&
response_type=code id_token&
response_mode=fragment&
redirect_uri=https://notused&
scope=openid api&
state=1&
nonce=2
不确定为什么会这样,因为它已经在发现文档的 supported_response_types 列表中。也许Dominic/Brock可以填写
"response_types_supported": [
"code",
"token",
"id_token",
"id_token token",
"code id_token",
"code token",
"code id_token token"
],
非工作代码流授权请求(unsupported_response_type):
https://demo.identityserver.io/connect/authorize?
client_id=server.code&
response_type=code&
response_mode=fragment&
redirect_uri=https://notused&
scope=openid api&
state=1&
nonce=2