Identity Server 4 - 出现 invalid_client 错误
Identity Server 4 - Getting invalid_client error
我是 Identity Server 的新手。我之前没有配置过。但是我正在做的项目需要它。
API 将为 Angular JS 客户端、iOS 应用程序和 Android 应用程序提供服务。我们需要实现身份验证和授权。
注意:我正在尝试在同一个 Web API 项目中配置身份服务器和我的 API。
我已经按照文档进行了如下配置 Identity Server:
在startup.cs,在ConfigureServices()
services.AddTransient<IProfileService, CustomProfileService>();
services.AddTransient<IResourceOwnerPasswordValidator, CustomResourceOwnerPasswordValidator>();
services.AddIdentityServer()
.AddTemporarySigningCredential()
// add the resources that need to be secured
.AddInMemoryApiResources(IdentityServerConfig.Resources.GetApiResources())
// add the clients that will be access the ApiResources
.AddInMemoryClients(IdentityServerConfig.Clients.GetClients());
CustomProfileService和CustomResourceOwnerPasswordValidator和这个答案一样:
在Configure()
// as this API will also be acting as an
app.UseIdentityServer();
// now setup the Identity Server client, this API will also be the client
app.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions
{
Authority = "http://localhost:44337",
RequireHttpsMetadata = false,
ApiName = "obApi"
});
这是GetClients()
public static IEnumerable<Client> GetClients()
{
var clients = new List<Client>();
var websiteGrants = new List<string> { GrantType.ResourceOwnerPassword };
var secret = new Secret("secret".Sha256());
var websiteClient = new Client()
{
// we will be using Angular JS to access the API - so naming it js
ClientId = "js",
// just a human friendly name
ClientName = "JavaScript Client",
// set to GrantType.ResourceOwnerPassword - because using Username/Password to login
AllowedGrantTypes = websiteGrants,
// secret for authentication
//TODO: Change the secret
ClientSecrets = { secret },
// we need to access the fhApi from Angular JS front-end
// fhApi is defined in Resources file as an API Resource
AllowedScopes = { "obApi" }
};
clients.Add(websiteClient);
return clients;
}
这里是 GetApiResources()
public static IEnumerable<ApiResource> GetApiResources()
{
// e.g. if we want to protect an API called api1 - then we will add it here
// these values are hard coded for now - but we can get from DB, config file etc.
return new List<ApiResource>
{
new ApiResource("obApi", "Order2Bite API")
};
}
现在因为我想使用它 Angular JS,iOS 和 Android 我只想从身份服务器获取访问令牌,然后将访问令牌用于身份验证和授权。
为此,我尝试从 JS 客户端
访问 /connect/token
但是我遇到 invalid_client 错误。
var user = { client_id: "js", grant_type: 'password', username: "testuser", password: "testpasswrd", scope: 'obApi' };
var urlEncodedUrl = {
'Content-Type': 'application/x-www-form-urlencoded',
};
this.$http({
method: 'POST', url: "http://localhost:44337/connect/token",
headers: urlEncodedUrl,
data: user,
})
.then(data => {
console.log(data)
},
data => {
console.log(data)
});
我在服务器端收到的错误是“未找到客户端标识符”:
1 - 为什么会出现此错误?
2 - 因为我需要在 JS Android 和 iOS 中以编程方式获取令牌,所以我需要使用 /connect/token,我对此是否正确?我在正确的道路上吗?
invalid_client 错误通常表示客户端 ID 或客户端密码不正确。在这种情况下,您没有在对 IdentityServer 的请求中包含客户端机密。添加 "client_secret: 'secret'" 到您的请求
更新数据:
var user = { client_id: "js", client_secret: "secret", grant_type: 'password', username: "testuser", password: "testpasswrd", scope: 'obApi' };
或者,您不能在客户端配置中要求 ClientSecret
var websiteClient = new Client()
{
// we will be using Angular JS to access the API - so naming it js
ClientId = "js",
// just a human friendly name
ClientName = "JavaScript Client",
// set to GrantType.ResourceOwnerPassword - because using Username/Password to login
AllowedGrantTypes = websiteGrants,
// secret for authentication
//TODO: Change the secret
ClientSecrets = { secret },
// Disable client secret validation
RequireClientSecret = false,
// we need to access the fhApi from Angular JS front-end
// fhApi is defined in Resources file as an API Resource
AllowedScopes = { "obApi" }
};
这是来自 IdentityServer4 ClientSecretValidator.cs 的片段,其中包含您返回的确切错误作为证据
https://github.com/IdentityServer/IdentityServer4/blob/release/src/IdentityServer4/Validation/ClientSecretValidator.cs
var parsedSecret = await _parser.ParseAsync(context);
if (parsedSecret == null)
{
await RaiseFailureEvent("unknown", "No client id found");
_logger.LogError("No client identifier found");
return fail;
}
关于您关于获取 JS、Android 和 iOS 令牌的第二个问题,您可能需要考虑您将为每种情况使用哪种 OpenID 授权类型。我从 IdentityServer 开发人员那里看到的一般建议是对 Web 应用程序和授权代码(或混合)流使用隐式流。你可以在这里读更多关于它的内容:
http://docs.identityserver.io/en/release/topics/grant_types.html
我是 Identity Server 的新手。我之前没有配置过。但是我正在做的项目需要它。
API 将为 Angular JS 客户端、iOS 应用程序和 Android 应用程序提供服务。我们需要实现身份验证和授权。
注意:我正在尝试在同一个 Web API 项目中配置身份服务器和我的 API。
我已经按照文档进行了如下配置 Identity Server:
在startup.cs,在ConfigureServices()
services.AddTransient<IProfileService, CustomProfileService>();
services.AddTransient<IResourceOwnerPasswordValidator, CustomResourceOwnerPasswordValidator>();
services.AddIdentityServer()
.AddTemporarySigningCredential()
// add the resources that need to be secured
.AddInMemoryApiResources(IdentityServerConfig.Resources.GetApiResources())
// add the clients that will be access the ApiResources
.AddInMemoryClients(IdentityServerConfig.Clients.GetClients());
CustomProfileService和CustomResourceOwnerPasswordValidator和这个答案一样:
在Configure()
// as this API will also be acting as an
app.UseIdentityServer();
// now setup the Identity Server client, this API will also be the client
app.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions
{
Authority = "http://localhost:44337",
RequireHttpsMetadata = false,
ApiName = "obApi"
});
这是GetClients()
public static IEnumerable<Client> GetClients()
{
var clients = new List<Client>();
var websiteGrants = new List<string> { GrantType.ResourceOwnerPassword };
var secret = new Secret("secret".Sha256());
var websiteClient = new Client()
{
// we will be using Angular JS to access the API - so naming it js
ClientId = "js",
// just a human friendly name
ClientName = "JavaScript Client",
// set to GrantType.ResourceOwnerPassword - because using Username/Password to login
AllowedGrantTypes = websiteGrants,
// secret for authentication
//TODO: Change the secret
ClientSecrets = { secret },
// we need to access the fhApi from Angular JS front-end
// fhApi is defined in Resources file as an API Resource
AllowedScopes = { "obApi" }
};
clients.Add(websiteClient);
return clients;
}
这里是 GetApiResources()
public static IEnumerable<ApiResource> GetApiResources()
{
// e.g. if we want to protect an API called api1 - then we will add it here
// these values are hard coded for now - but we can get from DB, config file etc.
return new List<ApiResource>
{
new ApiResource("obApi", "Order2Bite API")
};
}
现在因为我想使用它 Angular JS,iOS 和 Android 我只想从身份服务器获取访问令牌,然后将访问令牌用于身份验证和授权。
为此,我尝试从 JS 客户端
访问/connect/token
但是我遇到 invalid_client 错误。
var user = { client_id: "js", grant_type: 'password', username: "testuser", password: "testpasswrd", scope: 'obApi' };
var urlEncodedUrl = {
'Content-Type': 'application/x-www-form-urlencoded',
};
this.$http({
method: 'POST', url: "http://localhost:44337/connect/token",
headers: urlEncodedUrl,
data: user,
})
.then(data => {
console.log(data)
},
data => {
console.log(data)
});
我在服务器端收到的错误是“未找到客户端标识符”:
1 - 为什么会出现此错误?
2 - 因为我需要在 JS Android 和 iOS 中以编程方式获取令牌,所以我需要使用 /connect/token,我对此是否正确?我在正确的道路上吗?
invalid_client 错误通常表示客户端 ID 或客户端密码不正确。在这种情况下,您没有在对 IdentityServer 的请求中包含客户端机密。添加 "client_secret: 'secret'" 到您的请求
更新数据:
var user = { client_id: "js", client_secret: "secret", grant_type: 'password', username: "testuser", password: "testpasswrd", scope: 'obApi' };
或者,您不能在客户端配置中要求 ClientSecret
var websiteClient = new Client()
{
// we will be using Angular JS to access the API - so naming it js
ClientId = "js",
// just a human friendly name
ClientName = "JavaScript Client",
// set to GrantType.ResourceOwnerPassword - because using Username/Password to login
AllowedGrantTypes = websiteGrants,
// secret for authentication
//TODO: Change the secret
ClientSecrets = { secret },
// Disable client secret validation
RequireClientSecret = false,
// we need to access the fhApi from Angular JS front-end
// fhApi is defined in Resources file as an API Resource
AllowedScopes = { "obApi" }
};
这是来自 IdentityServer4 ClientSecretValidator.cs 的片段,其中包含您返回的确切错误作为证据 https://github.com/IdentityServer/IdentityServer4/blob/release/src/IdentityServer4/Validation/ClientSecretValidator.cs
var parsedSecret = await _parser.ParseAsync(context);
if (parsedSecret == null)
{
await RaiseFailureEvent("unknown", "No client id found");
_logger.LogError("No client identifier found");
return fail;
}
关于您关于获取 JS、Android 和 iOS 令牌的第二个问题,您可能需要考虑您将为每种情况使用哪种 OpenID 授权类型。我从 IdentityServer 开发人员那里看到的一般建议是对 Web 应用程序和授权代码(或混合)流使用隐式流。你可以在这里读更多关于它的内容: http://docs.identityserver.io/en/release/topics/grant_types.html