调用身份服务器令牌端点

Calling Identity Server Token EndPoint

我想从我的 React App(运行 on http://localhost:3000)调用 IdentityServer 4 的 Token Endpoint。所以在我做的一些登录方法中:

login = () => {
    const userdata = {
      username: 'admin',
      password: 'admin',
    };
    const dataForBody = `${'client_id=js&'}${'grant_type=password&' +
        'username='}${encodeURI(userdata.username)}&` +
        `password=${encodeURI(userdata.password)}&` +
        `scope=${encodeURI('api1')}`;

    const messageHeaders = {
      'Content-Type': 'application/x-www-form-urlencoded',
    };

    axios({
      method: 'post',
      url: 'http://localhost:5000/connect/token',
      headers: messageHeaders,
      data: dataForBody,
    })
      .then((response) => {
        console.log(response);
      });
  }

现在我收到以下回复:

{"error":"unauthorized_client"}

我的 IdSrv 设置类似于 js 应用程序示例。

config.cs

namespace QuickstartIdentityServer
{
    public class Config
    {
        // scopes define the API resources in your system
        public static IEnumerable<ApiResource> GetApiResources()
        {
            return new List<ApiResource>
            {
                new ApiResource("api1", "My API")
            };
        }

        // client want to access resources (aka scopes)
        public static IEnumerable<Client> GetClients()
        {
            return new List<Client>
            {
                 new Client
                {
                    ClientId = "js",
                    ClientName = "JavaScript Client",
                    AllowedGrantTypes = GrantTypes.Implicit,
                    AllowAccessTokensViaBrowser = true,

                    RedirectUris =           { "http://localhost:3000/login" },
                    AllowedCorsOrigins =     { "http://localhost:3000" },

                    AllowedScopes =
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        "api1"
                    }
                }
            };
        }

        public static List<TestUser> GetUsers()
        {

            return new List<TestUser> {
                new TestUser {
                    SubjectId = "1", Username = "admin", Password = "admin"
                },
             };

        }

    }
}

startup.cs

namespace QuickstartIdentityServer
{
    public class Startup
    {
        public void ConfigureServices(IServiceCollection services)
        {
            // configure identity server with in-memory stores, keys, clients and scopes
            services.AddIdentityServer()
                .AddTemporarySigningCredential()
                .AddInMemoryApiResources(Config.GetApiResources())
                .AddInMemoryClients(Config.GetClients())
                .AddTestUsers(Config.GetUsers());
        }

        public void Configure(IApplicationBuilder app, ILoggerFactory loggerFactory)
        {
            loggerFactory.AddConsole(LogLevel.Debug);
            app.UseDeveloperExceptionPage();

            app.UseIdentityServer();
        }
    }
}

我是不是漏掉了什么?

跳出的直接问题是您试图通过将用户名和密码作为 URL 参数传递来使用令牌服务进行身份验证。客户端的用户名和密码应该使用标准的基本授权header:

传入
Authorization: Basic Base64Encode(myusername:mypassword)

对于这个例子,最终看起来像这样:

Authorization: Basic bXl1c2VybmFtZTpteXBhc3N3b3Jk

问题出在客户端定义中:

AllowedGrantTypes = GrantTypes.Implicit,

不正确。我们必须改用:

AllowedGrantTypes = ResourceOwnerPassword