IdentityServer4 中令牌端点的 HTTP 请求无效
Invalid HTTP request for token endpoint in IdentityServer4
使用带有调试跟踪的 IDS4,日志只给我一点点继续。当我 post 这样时,我收到了上述错误(令牌端点的无效 HTTP 请求):
Request starting HTTP/1.1 POST http://localhost:5000/connect/token?grant_type=password&client_id=resClient&client_secret=TopSecret&username=admin&password=admin123
在客户端(网络浏览器)我只得到
{ "error": "invalid_request" }
整个调试日志如下所示:
dbug: Microsoft.AspNetCore.Server.Kestrel[1]
Connection id "0HL2NGBR0Q1O4" started.
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
Request starting HTTP/1.1 POST http://localhost:5000/connect/token?grant_type=password&client_id=resClient&client_secret=TopSecret&username=admin&password=admin123 0
dbug: Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware[9]
AuthenticationScheme: idsrv was not authenticated.
dbug: IdentityServer4.Hosting.EndpointRouter[0]
Request path /connect/token matched to endpoint type Token
dbug: IdentityServer4.Hosting.EndpointRouter[0]
Mapping found for endpoint: Token, creating handler: IdentityServer4.Endpoints.TokenEndpoint
info: IdentityServer4.Hosting.IdentityServerMiddleware[0]
Invoking IdentityServer endpoint: IdentityServer4.Endpoints.TokenEndpoint for /connect/token
trce: IdentityServer4.Endpoints.TokenEndpoint[0]
Processing token request.
warn: IdentityServer4.Endpoints.TokenEndpoint[0]
Invalid HTTP request for token endpoint
trce: IdentityServer4.Hosting.IdentityServerMiddleware[0]
Invoking result: IdentityServer4.Endpoints.Results.TokenErrorResult
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request finished in 348.2168ms 400 application/json
dbug: Microsoft.AspNetCore.Server.Kestrel[9]
Connection id "0HL2NGBR0Q1O4" completed keep alive response.
我的代码很少。这是 Startup.cs:
namespace IDServer4Test
{
public class Startup
{
public void ConfigureServices(IServiceCollection services)
{
services.AddIdentityServer()
.AddTemporarySigningCredential()
.AddInMemoryClients(Configurations.Clients.GetClients())
.AddInMemoryApiResources(Configurations.Scopes.GetApiResources());
services.AddTransient<IResourceOwnerPasswordValidator, Configurations.ResourceOwnerPasswordValidator>();
services.AddTransient<IProfileService, Configurations.ProfileService>();
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
loggerFactory.AddConsole(LogLevel.Trace);
app.UseIdentityServer();
}
}
}
Clients.cs:
public class Clients
{
public static IEnumerable<Client> GetClients()
{
return new List<Client>
{
new Client
{
ClientId = "resClient",
ClientSecrets = { new Secret("TopSecret".Sha256()) },
AllowedGrantTypes = GrantTypes.ResourceOwnerPasswordAndClientCredentials,
AllowedScopes = { "myAPI" }
}
};
}
}
和Scopes.cs:
public class Scopes
{
public static IEnumerable<ApiResource> GetApiResources()
{
return new List<ApiResource>
{
new ApiResource("myAPI", "My API")
};
}
}
我应该从 IdentityServer 取回令牌响应,但一直返回此错误。有什么想法吗?
您在创建 post 时没有包括您需要令牌的 scope。在您的请求中包含 &scope=myAPI,我认为您的请求将有效。
这是对令牌端点的无效 HTTP 请求;)
你检查过规范了吗?
https://www.rfc-editor.org/rfc/rfc6749#section-4.3.2
参数在POST体中传递。
在 C# 中请求令牌的最简单方法是使用 IdentityModel 客户端库
https://github.com/IdentityModel/IdentityModel2
使用带有调试跟踪的 IDS4,日志只给我一点点继续。当我 post 这样时,我收到了上述错误(令牌端点的无效 HTTP 请求):
Request starting HTTP/1.1 POST http://localhost:5000/connect/token?grant_type=password&client_id=resClient&client_secret=TopSecret&username=admin&password=admin123
在客户端(网络浏览器)我只得到
{ "error": "invalid_request" }
整个调试日志如下所示:
dbug: Microsoft.AspNetCore.Server.Kestrel[1]
Connection id "0HL2NGBR0Q1O4" started.
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
Request starting HTTP/1.1 POST http://localhost:5000/connect/token?grant_type=password&client_id=resClient&client_secret=TopSecret&username=admin&password=admin123 0
dbug: Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware[9]
AuthenticationScheme: idsrv was not authenticated.
dbug: IdentityServer4.Hosting.EndpointRouter[0]
Request path /connect/token matched to endpoint type Token
dbug: IdentityServer4.Hosting.EndpointRouter[0]
Mapping found for endpoint: Token, creating handler: IdentityServer4.Endpoints.TokenEndpoint
info: IdentityServer4.Hosting.IdentityServerMiddleware[0]
Invoking IdentityServer endpoint: IdentityServer4.Endpoints.TokenEndpoint for /connect/token
trce: IdentityServer4.Endpoints.TokenEndpoint[0]
Processing token request.
warn: IdentityServer4.Endpoints.TokenEndpoint[0]
Invalid HTTP request for token endpoint
trce: IdentityServer4.Hosting.IdentityServerMiddleware[0]
Invoking result: IdentityServer4.Endpoints.Results.TokenErrorResult
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request finished in 348.2168ms 400 application/json
dbug: Microsoft.AspNetCore.Server.Kestrel[9]
Connection id "0HL2NGBR0Q1O4" completed keep alive response.
我的代码很少。这是 Startup.cs:
namespace IDServer4Test
{
public class Startup
{
public void ConfigureServices(IServiceCollection services)
{
services.AddIdentityServer()
.AddTemporarySigningCredential()
.AddInMemoryClients(Configurations.Clients.GetClients())
.AddInMemoryApiResources(Configurations.Scopes.GetApiResources());
services.AddTransient<IResourceOwnerPasswordValidator, Configurations.ResourceOwnerPasswordValidator>();
services.AddTransient<IProfileService, Configurations.ProfileService>();
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
loggerFactory.AddConsole(LogLevel.Trace);
app.UseIdentityServer();
}
}
}
Clients.cs:
public class Clients
{
public static IEnumerable<Client> GetClients()
{
return new List<Client>
{
new Client
{
ClientId = "resClient",
ClientSecrets = { new Secret("TopSecret".Sha256()) },
AllowedGrantTypes = GrantTypes.ResourceOwnerPasswordAndClientCredentials,
AllowedScopes = { "myAPI" }
}
};
}
}
和Scopes.cs:
public class Scopes
{
public static IEnumerable<ApiResource> GetApiResources()
{
return new List<ApiResource>
{
new ApiResource("myAPI", "My API")
};
}
}
我应该从 IdentityServer 取回令牌响应,但一直返回此错误。有什么想法吗?
您在创建 post 时没有包括您需要令牌的 scope。在您的请求中包含 &scope=myAPI,我认为您的请求将有效。
这是对令牌端点的无效 HTTP 请求;)
你检查过规范了吗? https://www.rfc-editor.org/rfc/rfc6749#section-4.3.2
参数在POST体中传递。
在 C# 中请求令牌的最简单方法是使用 IdentityModel 客户端库 https://github.com/IdentityModel/IdentityModel2