使用 Identity Server 4 进行身份验证时未调用 Grant Stores
Grant Stores not being called when authenticating with Identity Server 4
我已经设置了 Identity Server 4,其中包含授权代码、刷新令牌、引用令牌和用户许可的自定义存储。它们是这样设置的:
public void ConfigureServices(IServiceCollection services) {
services.AddScoped<IUserRequester, UserRequester>(_ =>
new UserRequester(Configuration.GetSection("AzureTableStore.UserLogin").Get<TableStoreConfiguration>()));
services.AddControllers().AddNewtonsoftJson(options =>
options.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver());
X509Certificate2 certData = DownloadCertificate(Configuration.GetSection("APICertificate").Get<Secret>());
IIdentityServerBuilder builder = services.AddIdentityServer().AddSigningCredential(certData);
builder.AddInMemoryClients(Clients.Get());
builder.AddInMemoryIdentityResources(Identities.Get());
builder.AddInMemoryApiResources(Apis.GetResources());
builder.AddInMemoryApiScopes(Apis.GetScopes());
builder.Services.Configure<TableStoreConfiguration>(Configuration.GetSection("AzureTableStore.UserLogin"));
builder.Services.Configure<RedisConfiguration>(Configuration.GetSection("RedisCache"));
builder.Services.AddTransient<IRedisConnection, RedisConnection>();
builder.Services.AddTransient<IUserRequester, UserRequester>();
builder.Services.AddTransient<IProfileService, ProfileService>();
builder.Services.AddTransient<IResourceOwnerPasswordValidator, PasswordValidator>();
builder.Services.AddTransient<IAuthorizationCodeStore, AuthorizationCodeStore>();
builder.Services.AddTransient<IReferenceTokenStore, ReferenceTokenStore>();
builder.Services.AddTransient<IRefreshTokenStore, RefreshTokenStore>();
builder.Services.AddTransient<IUserConsentStore, UserConsentStore>();
services.AddSwaggerGen(c => {
// Set the swagger doc stub
c.SwaggerDoc("v1", new OpenApiInfo {
Version = "v1",
Title = "Authentication"
});
// Set the comments path for the Swagger JSON and UI.
string xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
string xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
c.IncludeXmlComments(xmlPath);
});
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env) {
if (env.IsDevelopment()) {
app.UseDeveloperExceptionPage();
app.UseSwaggerUI(c => c.SwaggerEndpoint("/swagger/v1/swagger.json", "Authentication v1"));
}
app.UseSwagger();
app.UseSwaggerUI(c =>
{
c.SwaggerEndpoint("/swagger/v1/swagger.json", "Authentication API v1");
c.RoutePrefix = string.Empty;
});
app.UseHttpsRedirection();
app.UseRouting();
app.UseIdentityServer();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller}/{action=Index}/{id?}"));
}
我遇到的问题是,当我在验证用户身份时调试服务时,我注意到 none 我的商店被调用了。此外,我注意到 Identity Server 记录它仍在使用内存中授权存储。
info: IdentityServer4.Startup[0]
Starting IdentityServer4 version 4.1.2+997a6cdd643e46cd5762b710c4ddc43574cbec2e
info: IdentityServer4.Startup[0]
You are using the in-memory version of the persisted grant store. This will store consent decisions, authorization codes, refresh and reference tokens in memory only. If you are using any of those features in production, you want to switch to a different store implementation.
info: IdentityServer4.Startup[0]
Using the default authentication scheme idsrv for IdentityServer
info: Microsoft.Hosting.Lifetime[0]
Now listening on: https://localhost:5001
info: Microsoft.Hosting.Lifetime[0]
Now listening on: http://localhost:5000
info: Microsoft.Hosting.Lifetime[0]
Application started. Press Ctrl+C to shut down.
info: Microsoft.Hosting.Lifetime[0]
Hosting environment: Development
info: Microsoft.Hosting.Lifetime[0]
Content root path: \Authentication\Authentication
那么,我该如何告诉 Identity Server 它应该使用我的商店呢?我已经按照指南 here 进行操作,它似乎表明我需要 IPersistedGrantStore
和 IPersistedGrantService
的自定义实现,但我不明白为什么我需要两者。任何解释都会有所帮助。
在我们的解决方案中,我只是实施了 IPersistedGrantStore
,并没有像您那样覆盖个别的解决方案。该服务实际上是为授权代码、引用令牌、刷新令牌和同意执行持久性操作,还允许检索和删除与用户关联的所有持久授权,因此我认为您必须提供自己的实现。
简而言之,正如斯科特在链接文章中所说:
The default implementations of IAuthorizationCodeStore,
IRefreshTokenStore, IReferenceTokenStore, and IUserConsentStore all
utilise the IPersistedGrantStore
你不需要两者,你只需要实现 IPersistedGrantStore
.
我已经设置了 Identity Server 4,其中包含授权代码、刷新令牌、引用令牌和用户许可的自定义存储。它们是这样设置的:
public void ConfigureServices(IServiceCollection services) {
services.AddScoped<IUserRequester, UserRequester>(_ =>
new UserRequester(Configuration.GetSection("AzureTableStore.UserLogin").Get<TableStoreConfiguration>()));
services.AddControllers().AddNewtonsoftJson(options =>
options.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver());
X509Certificate2 certData = DownloadCertificate(Configuration.GetSection("APICertificate").Get<Secret>());
IIdentityServerBuilder builder = services.AddIdentityServer().AddSigningCredential(certData);
builder.AddInMemoryClients(Clients.Get());
builder.AddInMemoryIdentityResources(Identities.Get());
builder.AddInMemoryApiResources(Apis.GetResources());
builder.AddInMemoryApiScopes(Apis.GetScopes());
builder.Services.Configure<TableStoreConfiguration>(Configuration.GetSection("AzureTableStore.UserLogin"));
builder.Services.Configure<RedisConfiguration>(Configuration.GetSection("RedisCache"));
builder.Services.AddTransient<IRedisConnection, RedisConnection>();
builder.Services.AddTransient<IUserRequester, UserRequester>();
builder.Services.AddTransient<IProfileService, ProfileService>();
builder.Services.AddTransient<IResourceOwnerPasswordValidator, PasswordValidator>();
builder.Services.AddTransient<IAuthorizationCodeStore, AuthorizationCodeStore>();
builder.Services.AddTransient<IReferenceTokenStore, ReferenceTokenStore>();
builder.Services.AddTransient<IRefreshTokenStore, RefreshTokenStore>();
builder.Services.AddTransient<IUserConsentStore, UserConsentStore>();
services.AddSwaggerGen(c => {
// Set the swagger doc stub
c.SwaggerDoc("v1", new OpenApiInfo {
Version = "v1",
Title = "Authentication"
});
// Set the comments path for the Swagger JSON and UI.
string xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
string xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
c.IncludeXmlComments(xmlPath);
});
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env) {
if (env.IsDevelopment()) {
app.UseDeveloperExceptionPage();
app.UseSwaggerUI(c => c.SwaggerEndpoint("/swagger/v1/swagger.json", "Authentication v1"));
}
app.UseSwagger();
app.UseSwaggerUI(c =>
{
c.SwaggerEndpoint("/swagger/v1/swagger.json", "Authentication API v1");
c.RoutePrefix = string.Empty;
});
app.UseHttpsRedirection();
app.UseRouting();
app.UseIdentityServer();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller}/{action=Index}/{id?}"));
}
我遇到的问题是,当我在验证用户身份时调试服务时,我注意到 none 我的商店被调用了。此外,我注意到 Identity Server 记录它仍在使用内存中授权存储。
info: IdentityServer4.Startup[0]
Starting IdentityServer4 version 4.1.2+997a6cdd643e46cd5762b710c4ddc43574cbec2e
info: IdentityServer4.Startup[0]
You are using the in-memory version of the persisted grant store. This will store consent decisions, authorization codes, refresh and reference tokens in memory only. If you are using any of those features in production, you want to switch to a different store implementation.
info: IdentityServer4.Startup[0]
Using the default authentication scheme idsrv for IdentityServer
info: Microsoft.Hosting.Lifetime[0]
Now listening on: https://localhost:5001
info: Microsoft.Hosting.Lifetime[0]
Now listening on: http://localhost:5000
info: Microsoft.Hosting.Lifetime[0]
Application started. Press Ctrl+C to shut down.
info: Microsoft.Hosting.Lifetime[0]
Hosting environment: Development
info: Microsoft.Hosting.Lifetime[0]
Content root path: \Authentication\Authentication
那么,我该如何告诉 Identity Server 它应该使用我的商店呢?我已经按照指南 here 进行操作,它似乎表明我需要 IPersistedGrantStore
和 IPersistedGrantService
的自定义实现,但我不明白为什么我需要两者。任何解释都会有所帮助。
在我们的解决方案中,我只是实施了 IPersistedGrantStore
,并没有像您那样覆盖个别的解决方案。该服务实际上是为授权代码、引用令牌、刷新令牌和同意执行持久性操作,还允许检索和删除与用户关联的所有持久授权,因此我认为您必须提供自己的实现。
简而言之,正如斯科特在链接文章中所说:
The default implementations of IAuthorizationCodeStore, IRefreshTokenStore, IReferenceTokenStore, and IUserConsentStore all utilise the IPersistedGrantStore
你不需要两者,你只需要实现 IPersistedGrantStore
.