Upgrading IdentityServer4 v2 to v3 scope error

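I took my old configuration code from my previous Core 2 project with IdentityServer and moved it into a new Core 3.1 project. Everything seems to be working, the database gets created, and most things "look" correct so far. The first problem I've run into is a scope error when hitting the token endpoint. I get an invalid scope error. I'm not sure why this isn't working. Here is the log of the call to /connect/token:
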
[19:34:49 Debug] IdentityServer4.Hosting.EndpointRouter
Request path /connect/token matched to endpoint type Token
[19:34:49 Debug] IdentityServer4.Hosting.EndpointRouter
Endpoint enabled: Token, successfully created handler: IdentityServer4.Endpoints.TokenEndpoint
[19:34:49 Information] IdentityServer4.Hosting.IdentityServerMiddleware
Invoking IdentityServer endpoint: IdentityServer4.Endpoints.TokenEndpoint for /connect/token
[19:34:49 Debug] IdentityServer4.Endpoints.TokenEndpoint
Start token request.
[19:34:49 Debug] IdentityServer4.Validation.ClientSecretValidator
Start client validation
[19:34:49 Debug] IdentityServer4.Validation.BasicAuthenticationSecretParser
Start parsing Basic Authentication secret
[19:34:49 Debug] IdentityServer4.Validation.PostBodySecretParser
Start parsing for secret in post body
[19:34:49 Debug] IdentityServer4.Validation.SecretParser
Parser found secret: PostBodySecretParser
[19:34:49 Debug] IdentityServer4.Validation.SecretParser
Secret id found: myapp_mobile
[19:34:49 Debug] IdentityServer4.EntityFramework.Stores.ClientStore
myapp_mobile found in database: True
[19:34:49 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client myapp_mobile succeeded.
[19:34:49 Debug] IdentityServer4.Validation.SecretValidator
Secret validator success: HashedSharedSecretValidator
[19:34:49 Debug] IdentityServer4.Validation.ClientSecretValidator
Client validation success
[19:34:49 Information] IdentityServer4.Events.DefaultEventService
{"ClientId": "myapp_mobile", "AuthenticationMethod": "SharedSecret", "Category": "Authentication", "Name": "Client Authentication Success", "EventType": "Success", "Id": 1010, "Message": null, "ActivityId": "80000020-0000-fe00-b63f-84710c7967bb", "TimeStamp": "2020-02-08T00:34:49.0000000Z", "ProcessId": 22424, "LocalIpAddress": "10.37.129.3:443", "RemoteIpAddress": "10.37.129.2", "$type": "ClientAuthenticationSuccessEvent"}
[19:34:49 Debug] IdentityServer4.Validation.TokenRequestValidator
Start token request validation
[19:34:49 Debug] IdentityServer4.Validation.TokenRequestValidator
Start resource owner password token request validation
[19:34:49 Debug] IdentityServer4.EntityFramework.Stores.ResourceStore
Found [] identity scopes in database
[19:34:49 Debug] IdentityServer4.EntityFramework.Stores.ResourceStore
Found ["myapp_api_resource", "myapp_api"] API scopes in database
[19:34:49 Error] IdentityServer4.Validation.ScopeValidator
Requested scope not allowed: email
[19:34:49 Error] IdentityServer4.Validation.TokenRequestValidator
{"ClientId": "myapp_mobile", "ClientName": "myapp Mobile App", "GrantType": "password", "Scopes": null, "AuthorizationCode": null, "RefreshToken": null, "UserName": null, "AuthenticationContextReferenceClasses": null, "Tenant": null, "IdP": null, "Raw": {"client_id": "myapp_mobile", "client_secret": "***REDACTED***", "username": "testguy1", "password": "***REDACTED***", "grant_type": "password"}, "$type": "TokenRequestValidationLog"}
[19:34:49 Information] IdentityServer4.Events.DefaultEventService
{"ClientId": "myapp_mobile", "ClientName": "myapp Mobile App", "RedirectUri": null, "Endpoint": "Token", "SubjectId": null, "Scopes": null, "GrantType": "password", "Error": "invalid_scope", "ErrorDescription": null, "Category": "Token", "Name": "Token Issued Failure", "EventType": "Failure", "Id": 2001, "Message": null, "ActivityId": "80000020-0000-fe00-b63f-84710c7967bb", "TimeStamp": "2020-02-08T00:34:49.0000000Z", "ProcessId": 22424, "LocalIpAddress": "10.37.129.3:443", "RemoteIpAddress": "10.37.129.2", "$type": "TokenIssuedFailureEvent"}

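I see "Requests scope not allowed: email" and I have no idea why. I'm not requesting any scopes, so I should be receiving all of them. Is this an ASP.NET Core Identity setting that I missed? The client scopes table has email for my client, so any help would be great.

Thanks.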

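OK, in case anyone else runs into this, the answer is simple.

Probably somewhere in my old setup I manually added the IdentityResource configurations to the database, or they never made it into my final database seed code. Once I added those, the token endpoint started working.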
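
The fix described in the answer, as an added example that is not the poster's own code: an idempotent seed routine that inserts the identity resources the log reports as missing ("Found [] identity scopes in database"). The class name `IdentityResourceSeed` and the choice of `openid`, `profile` and `email` are assumptions; only `email` is confirmed by the log, so the list should mirror what the client's scopes table actually references.

```csharp
using System.Linq;
using IdentityServer4.EntityFramework.DbContexts;
using IdentityServer4.EntityFramework.Mappers;
using IdentityServer4.Models;
using Microsoft.AspNetCore.Builder;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.DependencyInjection;

public static class IdentityResourceSeed   // hypothetical class name
{
    // Assumption: the client is allowed openid, profile and email.
    // Keep this list to the identity scopes the clients really need.
    private static readonly IdentityResource[] Required =
    {
        new IdentityResources.OpenId(),
        new IdentityResources.Profile(),
        new IdentityResources.Email(),
    };

    // Call once at startup, for example from Startup.Configure(app).
    public static void EnsureIdentityResources(IApplicationBuilder app)
    {
        using var scope = app.ApplicationServices
            .GetRequiredService<IServiceScopeFactory>()
            .CreateScope();

        var context = scope.ServiceProvider
            .GetRequiredService<ConfigurationDbContext>();
        context.Database.Migrate();

        // Compare by name so that re-running the seed never inserts duplicates
        // and a partially seeded database is completed rather than skipped.
        var existing = context.IdentityResources
            .Select(r => r.Name)
            .ToHashSet();

        foreach (var resource in Required.Where(r => !existing.Contains(r.Name)))
        {
            context.IdentityResources.Add(resource.ToEntity());
        }

        context.SaveChanges();
    }
}
```

After seeding, the ResourceStore debug line for identity scopes should list the seeded names instead of `[]`, which is a quick check that the client's allowed scopes now resolve.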