IdentityServer 外部身份验证提供程序 - 身份验证回调 - 重定向 - 400 错误请求

IdentityServer External auth provider - auth-callback - Redirection - 400 Bad request

我在关注 https://www.scottbrady91.com/Angular/SPA-Authentiction-using-OpenID-Connect-Angular-CLI-and-oidc-client and https://www.scottbrady91.com/Angular/Migrating-oidc-client-js-to-use-the-OpenID-Connect-Authorization-Code-Flow-and-PKCE 在 SPA 中实施 OIDC(Angular)

我正在使用集成了 IdentityServer 的 aspboilerplate

我已经按照上述文章设置了所有内容,并且能够导航到外部身份验证提供程序并且还能够输入所需的凭据。

在重定向到 angular 时,我收到 400 - 错误请求。详情如下

回调URL:

http://localhost:4200/auth-callback?code=b74f38054d4becadaa3c45ce58a83c892e0d25e7fc4bfcc1ef29ce369b477596&scope=openid%20profile%20api1&state=18af0415b22b4614882d3e31113e2717&session_state=yP4rCdCetarKTsX6X0JXYTeV_1Xo8dud9V2FnT-14QE.db913b7a39e26220d8ac07de5a523eb2

Cookies : 请求发送了 9095 字节的 Cookie 数据:

    .AspNetCore.Antiforgery.xkdte50z5pg=CfDJ8FAKJpEizERFtUzdjBClgctpGC-BWtg81DZ33kUapCDBb84U7ILfbqhExQzI3oVOWReKh72cV8hdROZcCh6wK7tbwl14PnWzNIECZGxyYx-K3MINQnZEp3cp-Ury1Z4KaRHs7mqvmf6oc30h6Q-oFxI
    idsrv.external=chunks-2
    idsrv.externalC1=CfDJ8FAKJpEizERFtUzdjBClgcum3jNb_Pj5sm5cfWLtKGcBqkU1VIUHlMdupOgnYwqTNw3bjxOoeVbCR1YR9y6Y2Q6zZvxX2juNv1iiUTwVIcTAG99R0QU8Ki1EJ8uOvaVN-BgUFNXYzcrct69nxfTGj5Ay2wL18-ziLczxnqurAbgTVkgyZs6IWHgtbOwyoyJb3klbQUkt4nmNZbwNSzeYknhDq7ohwEqeva51TIw73lciD2bJpJZnxUFx9eRI7FiJcf6qM3iYzvQ9R1-IRAmTleGEul_KY0eEcf8srxjPDgCRvj_Chy14N0rJdvWvrgio2yfdKTiCam2y-xPporU1oBOupt4zuaKsnPlHzzY9NksO_Gp7TTXJi91d3P2rl9FtBbQVQQDgpuNlwKO_WWIbd_nvcns647_0Cm0-mXiPecFrCC_plifOJ3ZRQHDYd-_ykOR_8WtGVYNigh0LPn4WxHoWJujUneRVaF_ootP4I1-uzcP6oDtTdxzCBgQpsujS_gRsHzZQ4S_EUX90R_BNEfWpg9Z5je0sT4Rma_tBeDBTCtqaZEKng_n4ybbn8xZc0dwuuGsVjYDSLXXoHLhQ55MalqJmRITH2mBNl89on3l2Y_e3_N-T_ScBJOS6HUHhTbKgiA2-R3XP5T_Gd0Fbmhpyrb4uqRJDybQb3muaKwYAJg51PSoiicA927KTcfiVPUzHY7YoENJ8MqBHkonvpjw9QtrWCgn0t4wTgrj_jIkIg9VmIZFReWGDiIw1cQnvA8u0lnPdxXl0D0ywm1eKCcvliHuFiT4KM2nKhUtlg75X5w5AYBFRb8ocx6Gx4zNEuV6cXzsx0-PVkbm7DllcMu3gMchpk47rDrIUjTDqlSjnlM1JaRWbrxXAui5tvZwOdAlI3e3__RIu-hdSJNO_ZgvPkLRUBiv0weNmsUWPjLzSjP8RVj-fWWCj1DuXSeUKcWTeEiXu019Klco48i1eUKB-vqLsUZHWAc8E02A8xF3kyz8OXOIam4tOlBD03-CgUK8zf0ahdtFegsXspJ75Z7Swml8CHpPkHrdZvGrryd-UbRipNpejtde1B9-WnLhpLQjXYCZdCOFndeg9CG1L9uBpaAU9pOB-AzmLqNIa1zi5qS0h9YqlL4wHGnK0iDlSmmK9kpZuTUS2nSEqs9hDwew1asxl7LPF1sMJyhjfDBAOmcHV4kZA_E6w0Y8_JQC4vu8Oda7vVoApvolhhHPqXpmmwbHxwxv1HjmC1UBdGUOJyn1rX6ASFJnEu1mmgqD1mgXizbmPzJd_KzRUkd5F7M0DcTBX3U3_p337g3QG5WJlBE5v_2JBlh6s-G5Lxs7UNXwcEigg6amJEgcIejNKXRbynJ-IKE41kd9PvXeG29d9B27Y37LPQu0xVaH7C7Z46pkASHZVrcPGLOoN0gHBTNwGaDUfca8Sb2bq3umhNjzK5uNxLaEZErCmjQQzUidKHcbWyuHC0ht0X1phOJv6hMTiUroYVaTP-ma_B350Z0euJq4atEPu59-Redz56aYtuKBW13axJs8qtsvXolwkGGboHzB-gj8PjDrT-iHGVMnoXVLkkOM_nYzfY5PwnaSWUdPtXnI6hxTlJomU5Bvhm-7TKLfB4bl3Fel4MM0QdrTQJz28FBTVFizzdksoPB4N_3jfSZsR373mN0wdtqpEjmKNUvGnVNX5wTc_3oMTO0cprxSVXwUK23phkomKHUYMZ8i11Z7T1mZHx5Yci1CMp-mHqTD-fBbmSK7YYvwtsSLeeI7u4cH-IYRl_3YQtxrFLwqTOzWllcz_JgbvwNXPYirLj0EVqGwttipg8QIuNyJIaPAnovTpJVI15ioJKfS9F9xlx-JVETbgxK3Py259pbTu8r-jHEZT0YdlItIZO-t5FM6hlTHAtQ2SuY8kdFQyBlUNZQPpw3ft6cz6mUt-2CcTdZ-xibkEdr7dEAZflSIrhL3Kt4lrdNalI5j68zG_0g9qfcXKTaqyMN0bawAzBfmaWAIp-u1KZb5vi6Kwf9ZEcNYF4fzHjHIOSNmySgiaYt2zH8EvbcJbTQmfBhuLOG6zBDU1-fDTK4-eBPkRJWEh4OTHm0jC8GV_N-80CrbUxjJUzoBWJXReu-sE00d4zBVHTHNJDlShXlyUPb_vqaGCJDFIlEEZUjyvAdwP0eOOeuhSz6jYicK9WwaZgsoLLsyeNZwLEOLftEBAax5ddoUdwe2kwxJ9eMZd_TE4YYzI9ZI37QAjzfhf573n8l2V--UEr-Kt6asTxzNvg1gK7doRns66W7KC6qnL_9ApLeoZ-hOX2QZ2J32D78mk5h4Dtv06lsNm4pBs8855PeZ7ygBu-p1edi1UjEWLzIxHxQ8YNNErP-U75HDgStXVRBY7CuXqz8RVc62Pjrj6z3Z98nV3KfcYJloq-Qejg1oSmFLgHrs5tTecL3caIopMy_MV0XRg6ly7cZtWq_8GQclQP_-6nTGy2ucN9ncj6sSjbFXxtKPV3bLAUm_JFtMfzzjR4TxP8s95zOiBwF5XXlLPu5QzBOoprI4Qf_XhmlTe8_1Z7X_HzCZSfWtgSDMEmcyOXxp4sPeKnh4U7o6ZlKukGz14F7gB94l0ZEHpbtOScRWb88o0fisHQv_G2Erslx3O5sGDMQG8G_W7d6IMBs1FFU1wcy8gmAznDbgFxtEPmXwdcoMY5MxliQQ8SrmREP_fU32jfGox5BiebA10BtQKjctJdnF_KPu3UzFuPGjFncCrpT74J3bR8O7BTUY175pOR2Vw4dtPCubHDeLHzFT8QWsPOO0CUS1kbtlooYbPS292E8lawWmYcFMcYsDq5x40NeX4-NVLuL0DvaqC_tgBLqvjDsrv6hQy6xQBoJt0PtfB-X0n38TCl9jwmpA3IiLR77FEAbpf0RRs4NB1_fIs9nSgK76JFPunxZ8jsgOW1ERNBTjgCaO72tct0l6rtrZAD35fu6KPBCFsofdoRpw5e5hxiq_Py2nYniCv6BkDLezt5wyYW83Zh8RJ1MQgZxNg3mJj0yvs0b3shdmxcjYZruCswCpcYHUCmqsTIjj4yQOHY15c8R50Asq4-eBuf3FhrIY7UWftvY3f3yL4IRQyX93oD0o1SCgpULpzR3dUAJD-QId3fHHbq-fC80Jqs09LP-HA9r7SutOSDpbcH-qD6ZDIVMddxGNOSyEVEN21fNPMUmVD-7u3-B9hmTrmb48HJLAQn9JjN7SdYjlNOoiyzwqZchnmWE3Twuro0S-GBryAqKdF7eQKpPqgtOks03JcXFERS0iRIJLZe3syjY39SZbhYMahkAc0D2TnJdUSxc-g85H_e0GobgE6R74fAwKeFDNrThwaULJBQTq0EWFikOMpZFzylfluw1M9U4ad-f53bYHPcvKFw8giZN6N-VM6qLrg3D3oU5169cXpmbRDeawreIOHvlVoIfhRZu7cSkARO0AGmL9XUrGivRNgMyDXRBIgIn_tbIPFvIrWkhgcZZZZP2t4YFzhn2MvKoHEFAfQHFFQ4jvCv-Waof19dRzbMSjS_Vz9qPzslbUjYATnIykQCeylOybDQKl5b6QVwmz9ioSl9OrJNFbzy9TDXSqjgCnefoHdZyVubpHSCADKJMB4FnLK5IdCFwcn2MSz_FuZzuCzDzR1B_WNTMuLQBR7Ks70uizUOJ8BKI7tuMO9nU9N6AQ7Preb_XRLVFJ31ISl5DvrQxyh__1Uet1IuT1vYrH4owFgaTnwOPRMPNxmnUTJRsbyEFdP6p6kQjV8zrId3qhBDIRMTfuOgT2n4awFqGbIM5DUnag003rbzpqD5zuL1RAlCfwyf2Yx0u0qY3es-zJV9CtlzU7X7YR-GBDSVJCKSqRRNg7YY-B2Y2E53Wudp6DDzVFuGs5G-XGJKzq3mru5h1CWaplCNgpDkdaRId-mfp1p2EP0vmoVkQnlkXqT0oJTsOBSTLKDrCfkniMbmKP_afqWS5jn6BmRDuFjEhdhl6Wa2GkMznTps_g9My
    idsrv.externalC2=TudWp3eg3iUDnXn_uBCELCcSM1M6cxDlaF2RtsIFq74WusG6xZaIXZi033_2psAUpYZ-rKCn-fR-0p9RsHfw4Tot6oTODOcVUeF61Q3Zw6yoXZp497mMT3u-RMB58Yai5pUSMJk1Ex_2H1ekLjks9_ngpns76ARB3dWi_gzblCLQ-zSujcPw7ksoBLlt2X_h4B3w6Y91lCyHkn77NcAKdTiVgRs4-nX33NEr7Rogr3p365AV9vrJqWIl-eP7I0Di4mQn-EUZAd6C1iqBA-Af0wp3Nm2OmJJr-dEoPpppha7wW0_3IGk4_O_0cZjv5e0-63ER0X3cB5ZoKzRarKkdNEm3uBgcexGLOWJyTL8ntrXfytxxC0iP4DiO-wSnydrD0r-k6F9iLd_-pSuz30MnHDAAXn0141EC7gLr-J1EFS3ou2b8ocjIjJUF9jZ_V9IfibMrI_K7o4e-Yk5uhvjIzOq_usu2LgDhLjLIYXYwX_lQPX-D_z9Apn5IfE6iaGpc2ziqocj2uDFEA_j2dKtJBiyRylBcv89BJfWcsNHLybiB1dVBSFeRmQx_Bi24Hv0fkjw-7FLIFnGHv0UM2t09zp6QL4T9K7ggxOZMWp1-l4yIfnJRBDOVzSUcJZLEmAzv-lFcppUOtvrUmERDHItWFI2IF56flIGH5bLv7FJBFCW8Ke4HcI70EiWwBSHvO6JionGOrXpsAmVGW3WbfVH-iTrepjmYeJpzsKJbjBWvtTOy4BjcxjUe7S0UZvrMIpulv-bH8EJhT-ZnSublufZBtnUa5AB8Eo746zPmoEBhFETx_kGMKtwG11Cj_awV2xlY4P7Teb1UsNYvncPHn7B0gPRq-e3MHeqo0O8GgKcnZb9rR96NpBsLqZ64D--9kbYengtKR25guD1lRRb2ijqkC4aCp7hD7ohE5RjggPoxo5wr8ZQA4-c2HT_uwlpe-QpyY_GdFErAW-eT0sSA0JljDVTsgFFt45CP2Hid2gqRX89-vgBVXjmV9rTZHocGEBg-PgQP0TGeGQMg6RWL9ryzsb0auFRBhiAPkyoPonTNKM_Uh2tSVXKZB27T-dAJRXF4qZ6sFzAgQsrJxphmucPUuFw1RnaFGSM3swf4A8JR6egRegMIHq2qci2uEUyQnfSTYLciNvur5OXXkfYCEb73KaYwzI1I32FUnJ3RsrQPSgS-RhNHSlrfHgf6DjAqa5VNk3u7c4RIreVTxI-ZiGjLJgxHxHUuSIyiKnClH1WrZBZ0yVupkmjcNd08jMbAEIUeP43tMg_Mwl9zjN6kGQdbDbRMNqGw6cIv7_6cCPcT0Uc5e8biHEYdLO6MPsCbH9bOEjVluRY76g8-CNQx188rxm_C1-qmxqbjGlHmebmtA9Gm4WR9RJ4ZBZkuMjMNn-rZv6fuVBtOUxzFUj0RZu4p5yhURxLRDh8OAAYj3gMd1TJ4qXrITd6Qa3VCnaCe9WHJgAEmfHjUiFulqTsv6NIFZiZfr4JysHSSk6qDAwdLDHEfb-XjM7EbS6h-2ehU1wLM6HvXv2PMpq05leZ30XYHpM0m-JGT4iOE-23jcEYba8kx8FpPAEvMaxllEMx-U6cXpaSY7gICbk08mrZJoRwqm1x14JsfWnS40NxypgaEm4Ofz32YP0gzg_96wwS5dPgEU56gS6iQLfdLwyuME7KLcVNGRs0fGDH7hsfBZk1FwBpOQO2o60dsxZTtIHqKnftVrn2fhoc2Q6Cpe3GKPHD3fIzga4_umSTZL_uQg_XTi_01IYRr5dSKQ1GwQVM6ELf1o5Un4YiCZ3qOpjioKWLapQwckdUrKjg95Lxlnq7TkkTlB2C33tjgo_UQ-CLxSYEGR78m0USywEfXi6N0LS2MaDmu0rNY_UweMs9EV0r_y2KqqLy_afFrn3IWn5XcmAaDhI59a_yRtkNYXMnKP3rexMYSdHSY10AVgPO88U-_5nelN5CX4zwNnJsyjD8sno59zEPq1UPvW5q72USgnt3wY4YWSPfkkhNBWr16pKSmTUkuaWtbcP9MQg0uwrHhlQAXcM
    idsrv.session=3a7192efc6a9690cb33226c0241d91be
    .AspNetCore.Identity.Application=CfDJ8FAKJpEizERFtUzdjBClgcva9BrL5NevHGMOeN3Y4e-BtNupVoy3JNq-gAf0-xVS97cU9-h7xQXpsv2zJP6nx5leh2DsRxN4uwXPrxiAoJgdfXyTFvhtATpLLRmWPEFnLSH1hD8BTV0U2b2kbBAFl_ny-27_-xoZdV72SVkJcrwAuWCZkNpMcBdGfmNMWXwyL1c8cz684o0oWicEyHvquOdHW_bBpkUrXSQK9b42pln40tPVBlYFLMEgMDKCwWGwYcR8_gx5P0dyobN1R0RHYXFXiwkFNWzz9ZsEpKk9wxWF_Hn7XDNuVV4IiLRwQiVm60njvg15gKUlxPpYQY-8C7oTRPsgZGvSqisVbSlF1EyoLsarDak_Yns21HEQY2AVGs2VxuPidNe6cRdjb5sIRuHUX8kDawttIu8MnrHyLRjaF94Zz-qrCpZfYiHOtfpu7VVg_7HBNusMBOy9xJQLXBftgPamYkCFhnXepQ34RJiM3-1yfQNibj-TaVvSHtt7_lyQdwcnX2MqjxyX3XI7uYqyYT6ela_qBg1C-bTYoiFbiqcv8C_dME9RsBdB_V7q0BtSPvgcHrG5lUJlvksAGyUzo0fQn9dzdEjKU86CaQ_XD349PPznjRe8Tk1E67XqI0CzPhB3RzV_sHdy4Ghfq7MP_WXvOy3hc0mH4TNN03AbB7_aHcIojeHVNh7cyfmcJ-9A6n0jCrSXHxEdf66jjc_VMgxk3nytS_g749s84jAajtxBGnXmqvAnqEYuZZgTAJFMaajq5rrxBU_X_W0DQbErZu3fQU6e_LYrJxAIcXfy4Qh-iynY1flPZBihr0S3qfOxUhrvpB64zq1b3fa9r5edByt9tgBm8KK-wC0b9JjF6kms3rn3YrJIJF00lUG8vZ_MfRr_fU3-e6rG7eQn6YTiQK2ZFfnEo_dzTegfDTJ2fez984jJzJFSC0s47rrb4N2ofoHpAqqqybEWW2UQtURvOU2d5CLRvo32RTI4EBD6bKbv4k92TBpOsZe09ipHmAO9cIBTNfCEkm7AYjv_ZvRrasb6kU7GcrNwRUx1k4fcmDnEeBZZgMbMjWzE6ieJ2miqxOiA3z2vuYcPTMB43vjKjqeAsn5juCx7l4Qo_zdE9UEqLlBSmEOA-UQsdg6m9Dz48QmW0XIxZ1WGVPz2Dbot4zVrgRNg5FzLpUwsvyd3IoLmjSCnvUxNDAXYN2zlUr2ToGVU6O2fYhjmJHRqTVepTebaZ-qjAzex07SR0Oo-LZq0780WKdKIiq5wNNFTVxN30tZuPcfPqd7CBIfZzlkMlyko_RUs18ZiZ8bQaiDLWSbLV-d6nNCO_TSDbLLWkr0gc6BW0ZM8G6BdCVCS6Pb5WlkVGuwejZ5QXSHjPEfqbr06_6FqnrcRts7irjDWnw1GpnT8jkSlwPnLFkcCndm90nWbQ-EKns1qEXQi-m31jdP7m3i83Fyc3pxpcgkTFi0cLfFc1hswdacpBCHPwyDikQ5mszondBiqCHDzZMy635jq8HHREfnJgDNUxkj1WOKnpwCFa6GLWsN1w_U8KpvTEpXM87PRTqIhZW6EfnLzZHuWGpuWCiEATDyyVvgJFIOxQeEHqfXDPPTxl0EuDYCC-9eaw6q0AcgNYbAqlXHWCgqcXshpI1qVu0aQRP_81UT9vk3orUZNZqD-WSA_GHRUTVMedpp-piqDEZ-q35V_NIzhrUwyflpCcTItrhy57-IJbHujRVosl8x6s2A9J_JytTK9y4lqfBe38h6dQtPNOdjhkA_ioWdvWn2KFVLtULnapFScWLm4ew-Gbrxfrmj68JzmsKUOKmm6i0o2Y0JMEg9gsExTh1K3Z_e_DCnfJl3XGgB6Q5rX_qzcvqwyldPn1xJyXealA5KCi38hqsI0wy5-LZhiIUt6PEQX_WNF5wiL9jkT_6-qVfUhlRB87tcqx6YHwdwlYUErsNkrRwZJQrtXxDJoZwEWYy31Ehpi2XVoKTksNGdvHbJcPtFBt7BactgMy6MRu0LVTI8XFhVaG-9LaiHAq9U3c2vblpNjdlBW0nrujZo5MaV5xroyrL3PxZ3j9oj3FzbtgcN_ys5J8FMdhTBAaN5V_YtAWpBH1kP527q_raw1wWdnIvLKQk9hsQJqdldZoKM6mZgyE5_lAWzLs1KN4xwD7Gbz3uQVoaIdIGGsW1iXhB6wJ7WeN9vD6kAJBiI9aHn_iJLmh-QPEWPdMntVipec4UXAACVXPX_QmOvFYxdVhSQp9tdmzpvAfVpQpsbrF29ro0olru0Aimv73wMp4UtIacGSu2T7rHfwkXJ05o9IDuUnjOC9oXMhxLvz_dBwjHeHt_B3BvBQ-XNSEQra0fD0MzJ3GBRqK1vUWRJQzaUmfZF5aE39az8qoRZBAYKFrAzqE8Y2IsEK6UhrJj4QuJ03l_skguhXuraLyH-IO6fnRqF5lZQgO81RIZKDvRlhNrcGJsM6yOotUXXTpVz9xjOtn1rMO1woO0up8kr16vlcRKp_TUh_VqDvV-AbY93ZYBUuvVUiLonGaOK7V3X7uqJGFsh0f27hy7CKYyjviPLo9eEs_oMsjh34cLEzDEPSZtgdqbv6_82ruVRA6S5wKWr6v3HluBVjJP7Q8iBJbLzFfl85ihIjj04hYZQmBUx0E0a646NVETdibYC7zcmdtGOUb045Nifb3A

身份服务器配置:

public static class IdentityServerConfig
{
    public static IEnumerable<ApiResource> GetApiResources()
    {
        return new List<ApiResource>
        {
                  new ApiResource("api1", "My API")
        };
    }

    public static IEnumerable<IdentityResource> GetIdentityResources()
    {
        return new List<IdentityResource>
    {
        new IdentityResources.OpenId(),
        new IdentityResources.Profile()
    };
    }

    public static IEnumerable<Client> GetClients()
    {
        return new List<Client>
        {
             new Client
            {
                   ClientId = "angular_spa",
                    ClientName = "Angular 4 Client",
                    AllowedGrantTypes = GrantTypes.Code,
                    RequirePkce = true,
                    RequireClientSecret = false,
                    AllowedScopes = new List<string> {"openid", "profile", "api1"},
                    RedirectUris = new List<string> {"http://localhost:4200/auth-callback", "http://localhost:4200/silent-refresh.html"},
                    PostLogoutRedirectUris = new List<string> {"http://localhost:4200/"},
                    AllowedCorsOrigins = new List<string> {"http://localhost:4200"},
                    AllowAccessTokensViaBrowser = true
            }
        };
    }
}

Angular 配置:

export function getClientSettings(): UserManagerSettings {
  return {
    authority: 'http://localhost:44380/',
    client_id: 'angular_spa',
    redirect_uri: 'http://localhost:4200/auth-callback',
    post_logout_redirect_uri: 'http://localhost:4200/',
    response_type: "code",
    scope: "openid profile api1",
    filterProtocolClaims: true,
    loadUserInfo: true
  };
}

请告诉我可能出了什么问题

编辑: 目前我发现的是

  1. 即使使用另一个 Angular oidc 客户端 angular-auth-oidc-client,我也陷入同样的​​错误
  2. 使用 JS 客户端 (https://github.com/IdentityServer/IdentityServer4/tree/master/samples/Quickstarts/6_JavaScriptClient),它按预期工作。但由于我们有 Angular 作为前端,我通过包含所需的 JS 库在 Angular 中实现了 JS 示例,令我惊讶的是,我面临着同样的问题
  3. 当我复制 URL 并粘贴到另一个浏览器中时,会调用 call-back 组件。因此,Header & Cookie 似乎有问题。 这是我从 Fiddler

    获取的请求的完整数据

    获取 http://localhost:4200/call-back?code=7bc6c3d343067f2ede3ed86268e3622bb909cb8df5d75d2f223b335bd75b730c&scope=openid%20profile%20api1&state=86215491d41a4c3c83d52007edf372cd&session_state=ibjjr0YMpGp_UZ1ezmUMusoAIpht25ySKfq8hoCKHXQ.e7f8f959a82f09b830a9635911c0b9f3 HTTP/1.1

    主持人:localhost:4200 连接:保持活动状态 升级不安全请求:1 用户代理:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36 Sec-Fetch-Mode:导航 接受:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Sec-Fetch-Site:none 接受编码:gzip、deflate、br 接受语言:en-US,en;q=0.9

    Cookie:.AspNetCore.Antiforgery.xkdte50z5pg=CfDJ8FAKJpEizERFtUzdjBClgcvmHhFjLJ4WDhku77bzpIxGI20-YRukepOXg6hGG4AUWzSGKXSWmy0Ie9tQFsXnWx0sUUlh0EAOij8y18d_96_-FVyCrPhtQ0JRtEXvhPXLxqum0sIJmwFD1116QRU-E5A; idsrv.external=块-2; idsrv.externalC1=CfDJ8FAKJpEizERFtUzdjBClgcvkhesBnoxqHY0OJtpFJrBLaBijCb1T5yLKQ6APxR0eu5fyn_vfdh5Xp9ttxF4vCwd0PFSJnuEMrqBjnECr2QVYHBFkGC67M6uo238PbjEP9Yo6HiCxRYuj6TbA9LjPQFikWTrz9dmo-8W2jWwbOoCInliwIrrvqrvtnpJ89JGlBv38DroF-EQYlf-Ut34JonFZ9MdSPibkMSx5jk-pVIND0iQziBAZF0uM8VYXBkZnRoCXX1QLiAac122PfxvfdTBlDbGob8fZ3LxTSeMLDxUtWsqjXbZkEt6yF_iQBWlaMhdFapnEsT-PZel1UblaLUKBl6iB9ruz3vIGoKtGTvA0gm0k2RWBqBD6aMsOjCrK_8Js_mW3G864tPidZ3cK3h5pAwlgz7spThU6u_dDr9O90T0xqSi1MIM1oJI4IZ4H9_FR2QPU5wqvLaTyWdM-Gdmlpkt4HdQYfzvnRufOQYkBU7jeumj0j9lLBS-mSw0P3-st8EHnDHdoR0e-JBSIZ_YkOb1BTcdzWoffC83umSsDfq3iHGQeeUyl5C3xYVsjb9ZWh_zVnisUQD7UPcO4lBWhyhgkhUorLBXUxft306BdZeIommcLGmB22u5x5uqVqoocFEQX73fFj22fYqbJXcOeJFMl9NUyUMS-BFA6F-n-5NxDGGyjtGsjdT7hOwVgAXd9wek-LElpEmWltIHFHf9C92qvuli0GqyCYM3UOFiHVUVcsKtTagr5SWwofTP8A-TNlAVFJYEduw1--eI0EPeCfveI2SpZn1U07yNtVP4Bjnltz_DhqJJFCFQvsnwgy7aiIFjHfBczWDiPWOE9hPZZQ4lluuI2hS435qn6uVrSXtyZF16S_hv3w2U0SawU6Mc8Qm7aaH8OpzA8a_U0jhrrtYuvvYnmPvmqrMw78GRMnrgqqCC3DQK1ghV56qUUHtU2HQPme2DyUztFYBjLLOO2VB1dMmbfFJVpJUbkj8EsXiXzsQ43fKO_JNmdcsyGjkVprwAvHVaMnaVWpXUUt3rS2feH5ZthiMCozYitq4W6dZkFeC6ZAbnzxwig6IUISraeGiV-02XbYyjz7nwMBFZionzmoz0z7MxJ72C49z_Rn0kBtOQKe0vQyIOqFizihJhqDdrnpxgCvrESo6EXefiS6D8zfNUnOT5w-vhQ7iMpRJ6f5rgVpg7T1IWljBA-wjUDB9Z5ihaUpsGrlQMZsrCSfUEpynNbEFZVUmr4dMpMSD3itPC4k2S4viB2lij7s6IHdJi96KNfe_lFm5VAP_URpKb12URyn0ozJZs4tVPnL-jvhXimDGxpd2W4VY9zdB-OiIoec4tjaTw4APJd-QdUykukW_W-lJ8nAW-8kDTDbzMMsFIFQ9MOGLF5ipMu1qlYwV5DRdfe6ClF1eiFfvFcffFon95v8KePeptjFzhXURrmN3orY0EX-0LTBpxtocqAT0ABT3aCcCHV0U9pziwCMY1mtlda62rVctIWpjBsKCRhb7Y8V2cwUDGILTmZQ2cUfJAOShATGsjVnmhFThyiFm6SQAB2dCFol2drISAkZBjPL3rE0Quv-yGeNVcz5-Hp6AtV3KQkdfntIVzjBbZxaAanz4iP-bVHmmnml7fLMWyvundtTuVm75wv_OXtzDGpWWkSAvAddUpYnuPdtqSoGZTgCtEbmBpf0Yx-JdOaB3yEi9zD-_BjdfdS7IFOjbDv55ti5AKs2GIwsW6mWO-5ScxBOebccC5ICxhoegyDdVtwQTdS2nHfA1FU8qdsWaFd2Waou9muvf9IqdnMcn7-bKECkcESaf6y0kvW3_OwyRamAu4fHbRVSgeU1F6nJDbh_9Wt1fWnDxN6hnhveEk_W2ggSWxy0hFxruIo5-Bg8cGSKtX419y1zeM2UlMZ83xrEbAbcuuTfkv_UFe_xjTreOLGUXyw5tKCxHI824hdAKXmbdBdO7rnw1GqrXttz2_6qnnxk3rHNOcwBRAypAq3ZfLYNqflcIFHbI6B48uXu772Xy1xAyTeXJ6Xc9riAs9O82dRKj9wn1dMeeF6UKwpKwZaEaHiEzBgwMeWmoPasX9Dvg0drLajEgxg1qL7PLCwz0hHK9m4t7j8vC_w-Wnumq5VUuhEKz-DcoquVZ_bC5o-yE70gOdxyU_Nx3W3Xz44Ni5WzkgO0ELEj8Gnw9WUuby55kNN5cGEcLX8-SCwWM21ooL_WS53wE2suEZDRmpb7K8DtVo7TbaD2zBnmiM8hoC-DIeVCb_qWlfdYVo9o35IogY7HFYYfKdsz4SPGKlIz-ptHdaCnSBTpTdtWrZomCwYq8iVT2dLWLeg10Ly7odj_SZmv9Hzral6WVATATi-FBSKs40wf64IY1QhjyC0xn1mfUZeGUQLAVlOT2AJ8gg7G5OG75do3jsklnhcvArIdwvuGWhrEHLJEHoypGfqNewU1rZixuxxqbFuoIro9DabF88HGXZMAHm4hOfNGBhNhuzKZ0dvxzHCLI-ysEutGgziIJzefizo6RxEam-mMEEuWaE9dfrMirL2-jeiWqWHhsfu57VPoSC4gdZH-BM700nbdW2cRCa0JpzUmk6tbJYoKWaP9M_EgZA-GaWk7DRM5-HA7TgTEeWOJid6EHUr4_ib9aMRGCul0MnTamb8DChq_2mPLv1FRIDTwe4dJT53lJXvJNIJgQDQAQ66ovMFLoyKvuBAKa3ApLmadojoA--USVFURPegzbtFkw8G3yjTutzEju0ln6rVNXyGxg3UHZ8fMJrIyfXcYaMeLG0PuhX_j5yC3QNH9vGFpkQj4JnkQP8npsq_AruH0btyIqo9DS25eF_hpaKKXgUcZoGGgHG-jtjmf-DPuHiYRgo28V_u3omeD3rGsRPskczbSrwYkHMP5ajAVze3-Zt9XOw46xi_mCxhLzc6-7dUWk8gviCZ-f2XmapJpuii4ZPrI_3vEoMDwdZ_BSuDRpuLIcvQfJ8mUlQWJ5l-f20_B8nRm2olzIKVIwPkMdf0L91Z2cNhYwYsvOFO87QaGrqCvW0EmKto69RFHHTNqOQv-gcvNHlxyj_JD3TLya5BYJj6e4ZnLTEiakVWXjfwwfS41naQ70HPlMgbv4LhMtlJekC50uUse16Nqd7EqHWaLvMUhXz0Twy1tp8UZOgbXiJlY3SnfNZXlADU40ACNX9ZM632WMLp_mGD9dpfXAOzqS1kJEYBWDrphsnFhz-3VImvXTowq5xl3cgTjavjaht19x88ACNQqu5QDtmeEYYYZu7aI7F__Ne6DP6cJ_mICZLTOB2tEhJCUPcWaM-yBS3k1hqqfbD-s3OFofPSO1nqwEdm49k_tBmP67DzsAv00Vh8cch_qY6BPRRQ_W-KPhz0HPnq6Z_PAGDvY2BJsLb7ZE3uT1NFAZ6igkBrWMKJYCXZt6vpbZtRl9Qp5K2x2N5V3ChOe1Qpwb40FjU4_UhbkBbiqr5N2R_RfGS8JH5hDDn09LEZojC6YHq_YCc0B8QwlFfiThYCE1QvHpAUJ-Yk1HDVJ2tNW_y04CXwMheBCMB90c2SmyLY6w59G8vKOLk-CHrn7dfL6uaECsNcdieFB_pb3N66tjGd38-dS3DCULT7xZMAxhdZoBgrmehUX2F3dvP6t9snKXc8QrUUkeogFzOpVOCdJKUMwsZLgJjXMfq_psFc3gtbQEGi_n7nH-kHkigntSgaieblXuVzqV0UGCJr3pcEsCt5I2kWGZmUiUhEOLLBApK2vvDl8WgOkGmyIQmVEUa-UDp5XoJeZ8n-8ZVlPbFUg4CFuvCBserjD1b-WTOYgam1ufRRImo0OlsAVDNkZBsc-3SJ-jMhwhukhnE4AycHlB3o5inVRUWvjWckrTetL3d5ivj6rwI6sLQEZXnpBIwDZDTbMnCNFuaMaPT3q1l1MxSRncvF4xolSQraCjjAdpLVtfNM1bBC_1c_3a0z97OlhDFOM9sppnCqWIXdwcNKdj1B4dVdMUescRrVgy; idsrv.externalC2=itwDrb9gl1M-n3C7g2jDsd14QExwuobv7FJ8mLc6vQnIOKN1p8E33i6TG-Q86TURuAZoZFddajjj55UpDN6Nw0gGHaSYfFMc6OGT5gpLw7ifukx-SAnO-iethScz1RHRZARj-B0yXI492eeATJk12pIeY4_8NLD-8W2Xu9Pr60USBY21IANvV5mBdsYjiwciVNnyMADN2fI01dR3y7ukwHhQwfAdtly1PhZenbJ6AY0XpHkz3F5_5hIXZhpMX-0B-PPTpYFk38BO1R74HeQEV1L7K2q2tNGnSGoffYCPDNroOyYiyoELUHkcmaClg6sjXtKmqELaGyc2egXkeQQWX7uzpcLUw41DoidS2UnMVrJNUje4BFuOPOhQZdN9j3rxaD6ByZfMdhEotK1uvaa8F4e4rfGqTU5v-s9LB9u74Q8rLqZMGI0aKME3z4ocQ6xq8k3RLYHQ6jWoZRs_qDtl0TTY8odi83S5qNrW9j2BIV0418jJYNr1GHYT1FTKxuoYk-nib9Lw6-JuOybddLQXd5bvZQwVkoT5SM071yRIsFZ8W2cqiBCCRGUIGVDuVCw96cQ_07y2WsE2rew2i24fkXSv0Kf1VGSyT3Fhbbewa9sLL6uomo5v6QGn86nSTdP7m9pr3XTUrGWzgYMLBHjDu2vvpJBCuScK2uJqmo47rffaXLPcDAfnos_NY0QdfqQnBoC90I1K2FH0WC9xKmN-u9WjJrbxi9UCjBIljJNCgOW_RqdJo-M4_Q3CA3w6h6AQD0mRO_6D4Ih8hR62PJWBkcoYv9eSOpmNucNy8qUy_L0F_0js0szihJUZRlOyDzoAToS9KoR2xbPh9cZ1esU0A2ZELE0WchwxhqayilmRxwf-YW5iJCwvkXZPjp6W9FcSclYjODsQLaeK91Q3c8iQadoxxpaChmBFZlrQQvwuxdfq_M169ll96wR948rE4hhz3qu4CblYtaXMjY24PStOX0YIxElH2x1w2FOYfGEUaBX-NG9bPqj7eJCTXilExPoYuZea1E42w12zHGech6AXNGWDZ5Uc8IexlMQbxvueq3rJBCd0pG8IsxyOg_ZMDmeI3CjJ9zhQCU1uWnTYKPpW7urxpx84oQIBgnbbIQpHUrFmWHwwXMXxJGG1dVdUmg1cSCuFKoVJb0uufsgm5M76NpkUUOS9nENV-1SrXeL-sQ8YlIn7KgFOtMIRpAQzG9BK3IgFEAehRoIL52A_CsYUcEEi6a7Q5SpLFVxxGCu9bt3VarAgQi61CuoQq5s2B77A30zGKf7eCFDbX4h2oak_B9LWCISL04MOyptLthiyDwSDymBNCWHLkBKbGjAUcsfnI_u_9-K-O-T-qU9Rc8WixJMtj3rjA81hedFS9cxMaQ3yqN2RMqXxvxcnnLbWhd-8kgQI5EgL5Pd4evNHg99dJpiNb-HdaICRR_sL-HMTDwuLNxkpCIXlt2iKh5f0AYvyO7-ACzXAmOs-Xj9GVCzszubsk4rZLvVI6epq2sW95UvMtLlXBc6GKYVmwc0RQ1D5yDcUaB7ktmExSQJCC0HyrQZlPD15sjysuaIjgoQ2eyiirYu9uLJEt609N-Aqeuz9ZThGL080viiBF0FoiqL7twNAIAue7rEnCf1sTxkT5aL7O17V71pLzd6s_DJe-JjC7zKa5ePGmubnPoiRUq1WUNbe25BLQJvN_TXx5_2OWfzX7yC8nnCe_icrNO1W_boKRaJJ9EOVa8iHJIRo1QxSGsbYMHV-Fghng-7klfIZWcsuMgx_YJEmTS7clsFKG4kjVEjxQ9VOcVzjjtx4sfuelkEuqdr7cMwbJneRwoiLsIGVPMxSZphdgHb_mn3Hm6Nbb07EibbRIl-Y96fPZCqDGhq1R6DONprDwXJ305kvEspHeQayWiwXOoGg6XQJNtMf9aBrPc3ocQWvTjoRQj6GmpqyEXODhVYuePHiEmqh8XAVdLuIEFra6INZYmev4h8eWMKX3cle2WivccXEe3e5X175Vg1Yi23uw7lOu5o0_-G68; idsrv.session=5d538478b846f725df5730950f1b193e; .AspNetCore.Identity.Application=CfDJ8FAKJpEizERFtUzdjBClgcuzBhZapY0SD1xUXzkYKZkMtNPoKqAHaazwGG1emedx9wANpFRdcXHJZP1p0U16AtdNF1znCOUH5klPydD7Z3Vj0XCcP5mhEu-2wSORtyoXwrHqJ7Wc_Ev_YlRxZ9dJnfhv_6riIa0Zcpgh7tkRCPGHQH4uSu_1ry7rD5ap94dhITHG8l2BGNSr8WjvafnkKbjsYXtW3Aksz1KT9pK8lkqwCDS9anbBckbhnpm9aWsnxm21uDdTAB1f7gOM6HUA3DCSBbNng0STe46j4A107hbKAvyColOMu4I8GJp4wQFBMTaWzwSrPnDSzFxJD4ORR7H-8GuqGkx3hT4cfu-InVlYIWHNHeSardTZU-z0LyGSBJvmRA0pLyy2Ejr1lbAdxSfMrwCjcwkXThUfi_YHycw1mL8NKlVieUKbQ5hXuG-oB9cRCO-5Hu-m4mXQ64EXIrbC5hxfHkk0QY9Gfxf2uELCvXqs8HOGna_ENR6aZF7XVdfl-xeRW3CXd_szV7K-ezgdv-3JeOo0x43iJ_voHQt-INoXjkP_5Vy1PJLjxzdiqwrX6xjn7fifbXotMe8Y-EyFdeyu8DWAm6zqYKvq3jy9wM7sLclqRV9KUN7T8H2YsiFLhrERi_16MM_i_rLpJja2ElVPcbWRAUUWEuwion8HSlrwenmiQ8L3FwMKz5ikEcnsY80O8rFYnSa3CV3cs3zQbABzSWkEKqOWAuDLCK2qdg_BaLWoiTg9XB7TjKhq1JtZJpx6oX-QuK_YGwuGQuMISELOMWNNO3mTJvvgkmFOZlkJ2O5F7HO0Dwm8XBjcAy3OdFLWia4nhOJRDcVpBESO1tSuff_BHhP1TIWKvNPEU-tOOWi6NTjLUNSKxStvjxe57oJO6qKJEfjNdePypL4uOx-Oak6jgPtbGKqLAyfarF0pflvQzXWViHs_u9U3F-rHEnTK26BgLl-MusTEyVakEvBU7kvEmPUknsxVVpimQSPg-HtpCmJTNX7KhsWQC6VLYbyEW82Z7DSPmQ9v6vP0D3E-t5SeoLC4-6l_bMSGYucRKukC07cy1BxwUlwvOWOg49Dp3AaCOnJGPZkw-LAW9-SEp7FSaeWyw8IYEJV1itTnPpJF7RAj6xbo_hQPmUWqBErWrN4oZbQ4sGxr6vs5fR-5vnKnW7x2eTSalY5u74fc3VSmOO-Bm5fYueSZ2aJvw6GLXCiPoj_Qqx6zO92mbsaAwq2BBWbQH5ASJ-QkLfHYlTYGjze1Hqy-0uaX5RY7xD93C4n064lbLLcVZXfyB_P1Op6GDE1azeIX6Zwg8L9MfBlcDiSGzMniDjGWqkFCWu-Jt5qYQApuNVrqLTXHRRc8zOroxaCj9egy2zoHbBNo2-8cMvIKx_hfNhdm1kbB_lee8HCRibID3wIpdnO3YHHstznx9qVTcwLqZo1tIXMxlyFxdpHnwMhPsbLn42gcFrc2YiISu99How2P0sCH3HQ3owjbLffvV1UtB7fouwryZUHIo_QkhjucGvf22DKkb-oakiO22BIIgpJntGmi9eRn2vm2MgJo5LgZ9NX4L687XqQt_iayXmhikzr3qSyZ7BfTMF3US5oUYeDfP1yz76eVX5nelXa4NFaf2FX_5LW5GkADOYMuRbcWwkhqnCMSiHUp39AGQC9PGFRaClQUISQKwfWGlByNrRXfudXEf6LXfT_qTDouHNu1qWcGe4yQ0tVV6uBOr77b78_xs3mcjmcNPN6-4cES_rYhDiaSdwKRUbBu_eUJTL90aYUdLaDWrPGjoD67lVKdnas3Nxf-4bi1JeT0XfYdNHPhkxNlIsQvu9ovtlggaKxKUup9PQ0CH-krXbct4C6NXxnA5Ytd9rIbCHxu9ztdob6yhBRmo9qy4h7qRIxfxfMeY_nUB0HGf9lCtet1CFS8mxbkMC6h_lqLBHbtcxmliYlNBbDIS7YjDUXEFJt0axEHTfToxqOqtJth_mqPrbJGru-LUmsNn7A3n7GaVDQ0fEB7r92Wqjt1DqwNlKsgBiWzFxHPOif5DABGnOZ6EyNjDbVF_CO7HnpfRt57qGc2262LMKjSJB05kwPlufHXYHBmO1hIlTikYJ_jsqc4QYppffclkK2U2fWgv9xnnmTVlmjNNxJSIw565MXf8lnCeZuMyZTVbyndpnaSiQ-4zTTv1jb-3rcC5BEE1M6J4c4n4lO1R7XivZvHifZagMGa3T-EEVapMY7rDSGGU7fUeqdzHSe0nhc7QNBrZ8C3LfGlz5eYVYvm1oRLASXdhUOPGgU9shk_iEqYlzdTVo5ely5_O5cUBJ3JiLhxDJOWdWPsoLsVjmRo6PCqqXwm32XVI7DS_MbpJBZyrKOm2YXwpMnC8WFRC26VttbpNHVXIJ28AZyVvXD2t7js8EMN0GXQrtCD05hRKrDXQtquyer_Xrw9j_FkLqb9-X78bLQ7pjRx2SHGns3LiiRoPVd7TUiPgCJ46LgeDcHiRwMlyfTyzobtGXJa6qofQerRRoiKz_29jnStY9wDmZjpTVi63fB23TBJYvfFO6RPOs0b8CCJIyTMqja6ZFLVBXx0ZY0xd8b4W-szLt4n_j2MxqwzpljN8Xc5N2FZlNyFAdXWk6T31a_sI6_I-enWIeO3BjlExvuDQC-Tt9wR8PJlLThRvT_qxJbQpe3xsQ

    HTTP/1.1 400 错误请求 连接:关闭

这是我在浏览器中看到的

尝试修复一些问题。 首先 - RedirectUris 似乎可疑,因为它包含多个值, - 根据 http://docs.identityserver.io/en/latest/topics/clients.html - 将其声明为 List<string> 可能是问题的根源。

接下来按照服务器端配置的例子https://github.com/IdentityServer/IdentityServer4.Demo/blob/master/src/IdentityServer4Demo/Config.cs

    new Client
    {
       ...
        RequireClientSecret = false,
        RequireConsent = false,

        AllowedGrantTypes = GrantTypes.Code,
        AllowedScopes = { "openid", "profile", "email", "api" },

        AllowOfflineAccess = true,
        RefreshTokenUsage = TokenUsage.ReUse

    }

让我们假设 AllowedScopes 应该包括强制性的 email 范围, 然后 GetIdentityResources() 需要最后修复:

    public static IEnumerable<IdentityResource> GetIdentityResources()
    {
        return new List<IdentityResource>
        {
            new IdentityResources.OpenId(),
            new IdentityResources.Profile(),
            new IdentityResources.Email(),
        };
    }

由于 SPA 代码超出了此处的范围,为了正确实施流程,请按照示例进行操作:

https://github.com/IdentityServer/IdentityServer4.Demo/,

也许您在 routesredirect_url 配置中弄错了什么?

根据您发布的客户端和服务器的配置,redirect_url 应该是:

http://localhost:4200/auth-callback`

然而,截图中的路径是/call-back,而不是/auth-callback

我会检查配置(客户端和服务器)和 Angular 路由器是否都配置了相同的路径 /auth-callback

出于某种原因 Angular 不接受那么多数据 (Cookie) 作为 Header 的一部分。虽然这适用于 JS 客户端,但我不确定为什么 Angular.

会发生这种情况

在开发的初始阶段,出于某种原因,我在 IdentityServerAccount/ExternalController.cs

中注释掉了以下行
// delete temporary cookie used during external authentication
await HttpContext.SignOutAsync(IdentityServer4.IdentityServerConstants.ExternalCookieAuthenticationScheme);

当此行被注释掉时,回调期间将有额外的 Cookie 将被发送到 Angular。

取消注释以上行将删除临时 Cookie,并且在回调期间会有更少的 header 数据,它会调用相应的 Angular 回调组件并设置不记名令牌。

需要澄清

  1. 如果有人可以分享为什么 Angular 不接受大型 header 数据,而它与 JS 客户端完美配合。
  2. 虽然 Angular 说请求错误,但我无法找到从何处(Angular 中的哪一层)抛出此错误。我什至没有看到一行错误,我可以从中得到一些关于错误原因的提示(大 header 数据)

如果有专家能分享他们在以上几点的经验,将对理解Angular的工作原理很有帮助。

If for any reason, you cannot limit the header size, then increase the node's --max-http-header-size. Kindly refer https://whosebug.com/a/57667786/2922388 on how to do it.

正如您已经发现的确切问题是 header 限制并通过限制 cookie 大小来解决它,但限制 cookie 大小可能不是解决方案 everytime.Main angular 背后的原因不接受大 header 数据是 bcs angular 使用节点服务 webpack-dev-server 节点 js 中的 header 大小有限制你可以在下面找到相关问题

ng serve fails to serve pages when large cookies are present

400 Bad request due to Node limiting header size to 8kB

Update npm run to fix hpe_header_overflow in recent nodejs versions

Make HTTP_MAX_HEADER_SIZE configurable

所以不要使用 ng serve 使用命令

node --max-http-header-size=16385 ./node_modules/@angular/cli/bin/ng serve

应该可以解决您的问题