Json to Authenticate User From IdentityServer4

I have set up IdentityServer4, which implements OAuth and OpenID Connect. The simple implementation looks like this:

services.AddIdentityServer()
    .AddTemporarySigningCredential()
    .AddInMemoryIdentityResources(Config.GetIdentityResources())
    .AddInMemoryApiResources(Config.GetApiResources())
    .AddInMemoryClients(Config.GetClients())
    .AddTestUsers(Config.GetTestUsers());

Our client is set up as follows:

new Client
{
    ClientId = "oauthClient",
    ClientName = "Example Client Credentials Client Application",
    AllowedGrantTypes = GrantTypes.ClientCredentials,
    ClientSecrets = new List<Secret> {
        new Secret("superSecretPassword".Sha256())},
    AllowedScopes = new List<string> {"customAPI.read"}
}

I am trying to figure out how to create a login request for a user. I am passing this JSON in the POST body to gain access to an authentication token:

{
   grant_type:client_credentials,
   scope=customAPI.read,
   client_id=oauthClient
   client_secret=superSecretPassword
}

I am looking for a way to do this, but suppose I have

username: admin password: root

Which parameters do I have to modify in the JSON to log in as a user? How do I pass the username and password along with my grant_type?

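My problem was my client setup: my client only accepted the client credentials grant type, and I also needed to include ResourceOwnerPassword.

I needed to change the grant type in the client to this: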

new Client
{
    ClientId = "oauthClient",
    ClientName = "Example Client Credentials Client Application",
    AllowedGrantTypes = GrantTypes.ResourceOwnerPasswordAndClientCredentials,
    ClientSecrets = new List<Secret> {
        new Secret("superSecretPassword".Sha256())},
    AllowedScopes = new List<string> {"customAPI.read"}
}

Now we can form the POST body JSON like this:

url: localhost/connect/token
Content-Type: application/x-www-form-urlencoded,
data: {
    grant_type: 'password',
    scope: 'customAPI.read',
    client_id: 'oauthClient',
    client_secret: 'superSecretPassword',
    username: 'admin',
    password: 'root'
}

Edit

According to the IdentityServer4 documentation

Apparently, using ResourceOwnerPassword is no longer recommended

The spec recommends using the resource owner password grant only for “trusted” (or legacy) applications. Generally speaking you are typically far better off using one of the interactive OpenID Connect flows when you want to authenticate a user and request access tokens.
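
The two token requests discussed above, as an added example that is not part of the original post: the token endpoint reads form fields (`application/x-www-form-urlencoded`), not a JSON document, so the body is built with `URLSearchParams`. The helper names `buildTokenRequest` and `requestToken` are hypothetical; the client values are the page's sample values.

```javascript
// Added example. Client values are the page's samples.
const SAMPLE_CLIENT = {
  clientId: "oauthClient",
  clientSecret: "superSecretPassword",
  scope: "customAPI.read",
};

// Extra form fields each grant type needs beyond the client's own.
const GRANT_FIELDS = new Map([
  ["client_credentials", []],
  ["password", ["username", "password"]],
]);

// Returns { url, options } ready for fetch(); performs no network I/O.
function buildTokenRequest(tokenUrl, client, grantType, user = {}) {
  const fields = GRANT_FIELDS.get(grantType);
  if (!fields) throw new Error(`unsupported grant_type: ${grantType}`);
  const form = new URLSearchParams({
    grant_type: grantType,
    scope: client.scope,
    client_id: client.clientId,
    client_secret: client.clientSecret,
  });
  for (const name of fields) {
    if (typeof user[name] !== "string" || user[name] === "") {
      throw new Error(`grant_type=${grantType} requires ${name}`);
    }
    // URLSearchParams percent-encodes '&', '=', '+' so a password
    // containing them cannot split or inject form fields.
    form.set(name, user[name]);
  }
  return {
    url: tokenUrl,
    options: {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body: form.toString(),
    },
  };
}

// Sends the request; field names follow the OAuth 2.0 token response.
async function requestToken(tokenUrl, client, grantType, user) {
  const { url, options } = buildTokenRequest(tokenUrl, client, grantType, user);
  const res = await fetch(url, options);
  const payload = await res.json();
  if (!res.ok) throw new Error(`token request failed: ${payload.error}`);
  return payload.access_token;
}
```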