IdentityServer4 无效 Redirect_Uri 错误
IdentityServer4 Invalid Redirect_Uri Error
我创建了 3 个独立的项目,web api 项目、web mvc 项目和 asp.net 核心应用程序。我正在使用具有 asp.net 核心身份的 IdentityServer4。我有一个项目解决方案 id,其中包含 TestUsers 的信息。在行 RedirectUris = {"https://localhost:5444/signin-oidc"} 上,我将其重定向到项目 WeatherMVC。所有三个文件上的 launchsettings.json 都是正确的,RedirectUris 也是正确的。 是不是我做错了什么导致我收到这条消息?
weatherapi project:
----startup.cs:
namespace weatherapi
{
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication("Bearer")
.AddIdentityServerAuthentication("Bearer", options =>
{
options.ApiName = "weatherapi";
options.Authority = "https://localhost:5443";
});
services.AddControllers();
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new OpenApiInfo { Title = "weatherapi", Version = "v1" });
});
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseSwagger();
app.UseSwaggerUI(c => c.SwaggerEndpoint("/swagger/v1/swagger.json", "weatherapi v1"));
}
app.UseHttpsRedirection();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
}
}
}
----launchsettings.json:
{
"$schema": "http://json.schemastore.org/launchsettings.json",
"iisSettings": {
"windowsAuthentication": false,
"anonymousAuthentication": true,
"iisExpress": {
"applicationUrl": "http://localhost:52575",
"sslPort": 44354
}
},
"profiles": {
"IIS Express": {
"commandName": "IISExpress",
"launchBrowser": true,
"launchUrl": "swagger",
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
},
"weatherapi": {
"commandName": "Project",
"dotnetRunMessages": "true",
"launchBrowser": true,
"hotReloadProfile": "aspnetcore",
"launchUrl": "swagger",
"applicationUrl": "https://localhost:5445;http://localhost:5002",
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
}
}
}
WeatherMVC Project:
----launchsettings.json:
{
"iisSettings": {
"windowsAuthentication": false,
"anonymousAuthentication": true,
"iisExpress": {
"applicationUrl": "http://localhost:65206",
"sslPort": 44398
}
},
"profiles": {
"IIS Express": {
"commandName": "IISExpress",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
},
"WeatherMVC": {
"commandName": "Project",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
},
"dotnetRunMessages": "true",
"applicationUrl": "https://localhost:5444;http://localhost:5001"
}
}
}
这两个项目在一个解决方案下,我执行多个启动项目。
在另一个项目上,名为 id...
id project:
----launchsettings.json
{
"iisSettings": {
"windowsAuthentication": false,
"anonymousAuthentication": true,
"iisExpress": {
"applicationUrl": "http://localhost:19916",
"sslPort": 44341
}
},
"profiles": {
"IIS Express": {
"commandName": "IISExpress",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
},
"id": {
"commandName": "Project",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
},
"hotReloadProfile": "aspnetcore",
"dotnetRunMessages": "true",
"applicationUrl": "https://localhost:5443;http://localhost:5000"
}
}
}
在 Config.cs 下方的 class 中,我有执行 Redirect_uri:
的代码
public static IEnumerable<Client> Clients =>
new[]
{
// m2m client credentials flow client
new Client
{
ClientId = "m2m.client",
ClientName = "Client Credentials Client",
AllowedGrantTypes = GrantTypes.ClientCredentials,
ClientSecrets = {new Secret("SuperSecretPassword".Sha256())},
AllowedScopes = {"weatherapi.read", "weatherapi.write"}
},
// interactive client using code flow + pkce
new Client
{
ClientId = "interactive",
ClientSecrets = {new Secret("SuperSecretPassword".Sha256())},
AllowedGrantTypes = GrantTypes.Code,
RedirectUris = {"https://localhost:5444/signin-oidc"},
FrontChannelLogoutUri = "https://localhost:5444/signout-oidc",
PostLogoutRedirectUris = {"https://localhost:5444/signout-callback-oidc"},
AllowOfflineAccess = true,
AllowedScopes = {"openid", "profile", "weatherapi.read"},
RequirePkce = true,
RequireConsent = true,
AllowPlainTextPkce = false
},
};
}
}
----startup.cs:
public class Startup
{
// This method gets called by the runtime. Use this method to add services to the container.
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
public void ConfigureServices(IServiceCollection services)
{
services.AddIdentityServer()
.AddInMemoryClients(Config.Clients)
.AddInMemoryIdentityResources(Config.IdentityResources)
.AddInMemoryApiResources(Config.ApiResources)
.AddInMemoryApiScopes(Config.ApiScopes)
.AddTestUsers(Config.Users)
.AddDeveloperSigningCredential();
services.AddControllersWithViews();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseRouting();
app.UseStaticFiles();
app.UseIdentityServer();
app.UseAuthorization();
app.UseEndpoints(endpoints => endpoints.MapDefaultControllerRoute());
}
}
更新
按照建议在 program.cs 中添加调试器后:
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.UseStartup<Startup>();
})
.ConfigureLogging(builder =>
{
builder.SetMinimumLevel(LogLevel.Debug);
builder.AddFilter("IdentityServer4", LogLevel.Debug);
});
我终于注意到它正在使用它的 sslPort: 44398 调用属于名为 WeatherMVC 的项目的重定向 uri。请参阅 launchsettings.json 以获得 weathermvc projcect。似乎无法理解如果我没有将其设置为该 URI,为什么它会重定向该 URI。
WeatherApi 是 IdentityServer 的客户端,当它进行身份验证时,它会告诉 IdentityServer 它的重定向 uri。 IdentityServer 检查其允许的重定向 URI 并在找到匹配项时进行重定向。
此代码指定了一个有效的重定向 uri 列表,而不是重定向 uri。
RedirectUris = {"https://localhost:5444/signin-oidc"},
您的 launchsettings.json 中设置了 IISExpress 和 Kestrel,我认为您的 WeatherApi 项目只是使用它找到的第一个设置作为重定向 uri。
一些可能的解决方案是:
将 WeatherApi 的其他 uri 添加到允许的 uri,例如
RedirectUris = {
"https://localhost:5444/signin-oidc", "https://localhost:44398/signin-oidc"},
您还可以更改 launchsettings.json 中的 Kestrel,以便 WeatherApi 使用相同的端口
"applicationUrl": "https://localhost:44398;http://localhost:65206"
我创建了 3 个独立的项目,web api 项目、web mvc 项目和 asp.net 核心应用程序。我正在使用具有 asp.net 核心身份的 IdentityServer4。我有一个项目解决方案 id,其中包含 TestUsers 的信息。在行 RedirectUris = {"https://localhost:5444/signin-oidc"} 上,我将其重定向到项目 WeatherMVC。所有三个文件上的 launchsettings.json 都是正确的,RedirectUris 也是正确的。 是不是我做错了什么导致我收到这条消息?
weatherapi project:
----startup.cs:
namespace weatherapi
{
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication("Bearer")
.AddIdentityServerAuthentication("Bearer", options =>
{
options.ApiName = "weatherapi";
options.Authority = "https://localhost:5443";
});
services.AddControllers();
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new OpenApiInfo { Title = "weatherapi", Version = "v1" });
});
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseSwagger();
app.UseSwaggerUI(c => c.SwaggerEndpoint("/swagger/v1/swagger.json", "weatherapi v1"));
}
app.UseHttpsRedirection();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
}
}
}
----launchsettings.json:
{
"$schema": "http://json.schemastore.org/launchsettings.json",
"iisSettings": {
"windowsAuthentication": false,
"anonymousAuthentication": true,
"iisExpress": {
"applicationUrl": "http://localhost:52575",
"sslPort": 44354
}
},
"profiles": {
"IIS Express": {
"commandName": "IISExpress",
"launchBrowser": true,
"launchUrl": "swagger",
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
},
"weatherapi": {
"commandName": "Project",
"dotnetRunMessages": "true",
"launchBrowser": true,
"hotReloadProfile": "aspnetcore",
"launchUrl": "swagger",
"applicationUrl": "https://localhost:5445;http://localhost:5002",
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
}
}
}
WeatherMVC Project:
----launchsettings.json:
{
"iisSettings": {
"windowsAuthentication": false,
"anonymousAuthentication": true,
"iisExpress": {
"applicationUrl": "http://localhost:65206",
"sslPort": 44398
}
},
"profiles": {
"IIS Express": {
"commandName": "IISExpress",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
},
"WeatherMVC": {
"commandName": "Project",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
},
"dotnetRunMessages": "true",
"applicationUrl": "https://localhost:5444;http://localhost:5001"
}
}
}
这两个项目在一个解决方案下,我执行多个启动项目。
在另一个项目上,名为 id...
id project:
----launchsettings.json
{
"iisSettings": {
"windowsAuthentication": false,
"anonymousAuthentication": true,
"iisExpress": {
"applicationUrl": "http://localhost:19916",
"sslPort": 44341
}
},
"profiles": {
"IIS Express": {
"commandName": "IISExpress",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
},
"id": {
"commandName": "Project",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
},
"hotReloadProfile": "aspnetcore",
"dotnetRunMessages": "true",
"applicationUrl": "https://localhost:5443;http://localhost:5000"
}
}
}
在 Config.cs 下方的 class 中,我有执行 Redirect_uri:
public static IEnumerable<Client> Clients =>
new[]
{
// m2m client credentials flow client
new Client
{
ClientId = "m2m.client",
ClientName = "Client Credentials Client",
AllowedGrantTypes = GrantTypes.ClientCredentials,
ClientSecrets = {new Secret("SuperSecretPassword".Sha256())},
AllowedScopes = {"weatherapi.read", "weatherapi.write"}
},
// interactive client using code flow + pkce
new Client
{
ClientId = "interactive",
ClientSecrets = {new Secret("SuperSecretPassword".Sha256())},
AllowedGrantTypes = GrantTypes.Code,
RedirectUris = {"https://localhost:5444/signin-oidc"},
FrontChannelLogoutUri = "https://localhost:5444/signout-oidc",
PostLogoutRedirectUris = {"https://localhost:5444/signout-callback-oidc"},
AllowOfflineAccess = true,
AllowedScopes = {"openid", "profile", "weatherapi.read"},
RequirePkce = true,
RequireConsent = true,
AllowPlainTextPkce = false
},
};
}
}
----startup.cs:
public class Startup
{
// This method gets called by the runtime. Use this method to add services to the container.
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
public void ConfigureServices(IServiceCollection services)
{
services.AddIdentityServer()
.AddInMemoryClients(Config.Clients)
.AddInMemoryIdentityResources(Config.IdentityResources)
.AddInMemoryApiResources(Config.ApiResources)
.AddInMemoryApiScopes(Config.ApiScopes)
.AddTestUsers(Config.Users)
.AddDeveloperSigningCredential();
services.AddControllersWithViews();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseRouting();
app.UseStaticFiles();
app.UseIdentityServer();
app.UseAuthorization();
app.UseEndpoints(endpoints => endpoints.MapDefaultControllerRoute());
}
}
更新
按照建议在 program.cs 中添加调试器后:
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.UseStartup<Startup>();
})
.ConfigureLogging(builder =>
{
builder.SetMinimumLevel(LogLevel.Debug);
builder.AddFilter("IdentityServer4", LogLevel.Debug);
});
我终于注意到它正在使用它的 sslPort: 44398 调用属于名为 WeatherMVC 的项目的重定向 uri。请参阅 launchsettings.json 以获得 weathermvc projcect。似乎无法理解如果我没有将其设置为该 URI,为什么它会重定向该 URI。
WeatherApi 是 IdentityServer 的客户端,当它进行身份验证时,它会告诉 IdentityServer 它的重定向 uri。 IdentityServer 检查其允许的重定向 URI 并在找到匹配项时进行重定向。
此代码指定了一个有效的重定向 uri 列表,而不是重定向 uri。
RedirectUris = {"https://localhost:5444/signin-oidc"},
您的 launchsettings.json 中设置了 IISExpress 和 Kestrel,我认为您的 WeatherApi 项目只是使用它找到的第一个设置作为重定向 uri。
一些可能的解决方案是:
将 WeatherApi 的其他 uri 添加到允许的 uri,例如
RedirectUris = {
"https://localhost:5444/signin-oidc", "https://localhost:44398/signin-oidc"},
您还可以更改 launchsettings.json 中的 Kestrel,以便 WeatherApi 使用相同的端口
"applicationUrl": "https://localhost:44398;http://localhost:65206"