IdentityServer4 - Error: Unknown client or not enabled: oauthClient
IdentityServer4 - Error: Unknown client or not enabled: oauthClient
我已经尝试 setup a project with IdentityServer4 一段时间了。但是我收到以下错误:
Sso.Application.CentralHandler: Information: AuthenticationScheme: central was challenged.
IdentityServer4.Hosting.IdentityServerMiddleware: Information: Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeEndpoint for /connect/authorize
IdentityServer4.Validation.AuthorizeRequestValidator: Error: Unknown client or not enabled: oauthClient
IdentityServer4.Endpoints.AuthorizeEndpoint: Error: Request validation failed
IdentityServer4.Endpoints.AuthorizeEndpoint: Information: {
"SubjectId": "anonymous",
"RequestedScopes": "",
"PromptMode": "",
"Raw": {
"client_id": "oauthClient",
"scope": "weatherforecasts.read",
"response_type": "code",
"redirect_uri": "https://localhost:44375/signin-central",
"code_challenge": "Rdi0rU5OkG1gWzh9xfvOxbZLiGbDHqujbMzl9d3u7Qs",
"code_challenge_method": "S256",
"state": "CfDJ8PC7ZLg_v2RDsl0VaXUuuT_-sT-at-LgQD1krwu8LESVXDKkQxQd8_eUQZJqOiGREAzBtfZ4U9X0BJDIn15AvYXKR2omUEBW5LzJm1Vz3ykaScc_kC89f6hCimDBmqCAdUOF0wnEn8FfDD8GPJtPBgxqoqrCNnyGKxh58XOIa85sN-zDSU5Oa73pzKt5FrFIkBCqUOfpCM_KZajZR_3DWFNCbwn8tS-XR0of7ga72XDILC--N9bCqA2eIlTSxf9HHPXmmLninU1ri7RM-XMsOzH__mtQQPOXCuaHw3Q0Nkedmpj4NaTCdcB1k55IdsX1eLrub8ptagCWzMIzXcYIWlJc74Zj-_H2uDZE4M-Blbdr"
}
}
我一整天都在 SO 上寻找如何解决这个错误,但我无法弄清楚它有什么问题。
这是 the IdentityProvider project 的 Startup 中的代码:
services
.AddDbContext<SsoCentralContext>();
//.AddScoped<Repositories.IAccountRepository, Repositories.AccountRepository>();
services.AddIdentity<IdentityUser, IdentityRole>()
.AddEntityFrameworkStores<SsoCentralContext>();
var isb = services.AddIdentityServer();
isb
.AddInMemoryClients(new List<Client>
{
new Client
{
ClientId = "oauthClient",
ClientName = "oauthClient",
AllowedGrantTypes = GrantTypes.CodeAndClientCredentials,
Enabled = true,
ClientSecrets = new List<Secret> {new Secret("SuperSecretPassword".Sha256())}, // change me!
AllowedScopes = new List<string> {"weatherforecasts.read"},
RedirectUris = new List<string>
{
"https://localhost:44375/signin-central"
},
}
})
.AddInMemoryIdentityResources(new List<IdentityResource>
{
new IdentityResources.OpenId(),
new IdentityResources.Profile(),
new IdentityResources.Email(),
new IdentityResource
{
Name = "role",
UserClaims = new List<string> {"role"}
}
})
.AddInMemoryApiResources(new List<ApiResource>
{
new ApiResource
{
Name = "api1",
DisplayName = "API #1",
Description = "Allow the application to access API #1 on your behalf",
Scopes = new List<string> { "weatherforecasts.read", "weatherforecasts.write"},
ApiSecrets = new List<Secret> {new Secret("ScopeSecret".Sha256())},
UserClaims = new List<string> {"role"}
}
})
.AddInMemoryApiScopes(new List<ApiScope>
{
new ApiScope("weatherforecasts.read", "Read Access to API #1"),
new ApiScope("weatherforecasts.write", "Write Access to API #1")
})
.AddTestUsers(new List<IdentityServer4.Test.TestUser>
{
new IdentityServer4.Test.TestUser
{
SubjectId = "5BE86359-073C-434B-AD2D-A3932222DABE",
Username = "Pieterjan",
Password = "password",
Claims = new List<System.Security.Claims.Claim> {
new System.Security.Claims.Claim(IdentityModel.JwtClaimTypes.Email, "pieterjan@example.com"),
new System.Security.Claims.Claim(IdentityModel.JwtClaimTypes.Role, "admin")
}
}
})
.AddDeveloperSigningCredential();
isb
.AddOperationalStore(options =>
{
options.ConfigureDbContext = (builder) => builder.UseInMemoryDatabase("SsoCentral");
})
.AddConfigurationStore(options =>
{
options.ConfigureDbContext = (builder) => builder.UseInMemoryDatabase("SsoCentral");
});
isb.AddAspNetIdentity<IdentityUser>();
上面的代码肯定是被调用了,所以oauthClient应该是肯定存在的。也肯定启用了客户端。
This is the code 在身份项目的 Startup 中:
services
.AddAuthentication(options =>
{
})
.AddOAuth<CentralOptions, CentralHandler>("central", options =>
{
options.ClaimsIssuer = "https://localhost:44359"; // This is the URL of the IdentityProvider
options.SaveTokens = true;
options.ClientId = "oauthClient";
options.ClientSecret = "SuperSecretPassword";
options.Scope.Add("weatherforecasts.read");
options.UsePkce = true;
});
我该如何解决这个错误?有谁知道如何找出这里出了什么问题吗?
我还需要在此处配置的基础上使用 OpenIdConnect 吗?
更新:
我添加了一个调用只是为了从 IS4 ClientStore 获取客户端:
[HttpGet("Clients")]
public async Task<IActionResult> GetClients()
{
//var client = await clientStore.FindClientByIdAsync("SsoApplicationClient");
var _inner = (IdentityServer4.EntityFramework.Stores.ClientStore)clientStore.GetType().GetField("_inner", System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Instance).GetValue(clientStore);
var Context = (IdentityServer4.EntityFramework.DbContexts.ConfigurationDbContext)_inner.GetType().GetField("Context", System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Instance).GetValue(_inner);
var Clients = Context.Clients;
return Ok(Clients);
}
令我惊讶的是,我从中得到的是一个完全空的列表:
好的,当你有以下配置时:
services.AddIdentityServer()
...
.AddOperationalStore(options =>
{
options.ConfigureDbContext = (builder) => builder.UseInMemoryDatabase("SsoCentral");
})
.AddConfigurationStore(options =>
{
options.ConfigureDbContext = (builder) => builder.UseInMemoryDatabase("SsoCentral");
})
InMemoryClient 已不存在。刚刚将其注释掉,它现在似乎可以正常工作了。
我已经尝试 setup a project with IdentityServer4 一段时间了。但是我收到以下错误:
Sso.Application.CentralHandler: Information: AuthenticationScheme: central was challenged.
IdentityServer4.Hosting.IdentityServerMiddleware: Information: Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeEndpoint for /connect/authorize
IdentityServer4.Validation.AuthorizeRequestValidator: Error: Unknown client or not enabled: oauthClient
IdentityServer4.Endpoints.AuthorizeEndpoint: Error: Request validation failed
IdentityServer4.Endpoints.AuthorizeEndpoint: Information: {
"SubjectId": "anonymous",
"RequestedScopes": "",
"PromptMode": "",
"Raw": {
"client_id": "oauthClient",
"scope": "weatherforecasts.read",
"response_type": "code",
"redirect_uri": "https://localhost:44375/signin-central",
"code_challenge": "Rdi0rU5OkG1gWzh9xfvOxbZLiGbDHqujbMzl9d3u7Qs",
"code_challenge_method": "S256",
"state": "CfDJ8PC7ZLg_v2RDsl0VaXUuuT_-sT-at-LgQD1krwu8LESVXDKkQxQd8_eUQZJqOiGREAzBtfZ4U9X0BJDIn15AvYXKR2omUEBW5LzJm1Vz3ykaScc_kC89f6hCimDBmqCAdUOF0wnEn8FfDD8GPJtPBgxqoqrCNnyGKxh58XOIa85sN-zDSU5Oa73pzKt5FrFIkBCqUOfpCM_KZajZR_3DWFNCbwn8tS-XR0of7ga72XDILC--N9bCqA2eIlTSxf9HHPXmmLninU1ri7RM-XMsOzH__mtQQPOXCuaHw3Q0Nkedmpj4NaTCdcB1k55IdsX1eLrub8ptagCWzMIzXcYIWlJc74Zj-_H2uDZE4M-Blbdr"
}
}
我一整天都在 SO 上寻找如何解决这个错误,但我无法弄清楚它有什么问题。
这是 the IdentityProvider project 的 Startup 中的代码:
services
.AddDbContext<SsoCentralContext>();
//.AddScoped<Repositories.IAccountRepository, Repositories.AccountRepository>();
services.AddIdentity<IdentityUser, IdentityRole>()
.AddEntityFrameworkStores<SsoCentralContext>();
var isb = services.AddIdentityServer();
isb
.AddInMemoryClients(new List<Client>
{
new Client
{
ClientId = "oauthClient",
ClientName = "oauthClient",
AllowedGrantTypes = GrantTypes.CodeAndClientCredentials,
Enabled = true,
ClientSecrets = new List<Secret> {new Secret("SuperSecretPassword".Sha256())}, // change me!
AllowedScopes = new List<string> {"weatherforecasts.read"},
RedirectUris = new List<string>
{
"https://localhost:44375/signin-central"
},
}
})
.AddInMemoryIdentityResources(new List<IdentityResource>
{
new IdentityResources.OpenId(),
new IdentityResources.Profile(),
new IdentityResources.Email(),
new IdentityResource
{
Name = "role",
UserClaims = new List<string> {"role"}
}
})
.AddInMemoryApiResources(new List<ApiResource>
{
new ApiResource
{
Name = "api1",
DisplayName = "API #1",
Description = "Allow the application to access API #1 on your behalf",
Scopes = new List<string> { "weatherforecasts.read", "weatherforecasts.write"},
ApiSecrets = new List<Secret> {new Secret("ScopeSecret".Sha256())},
UserClaims = new List<string> {"role"}
}
})
.AddInMemoryApiScopes(new List<ApiScope>
{
new ApiScope("weatherforecasts.read", "Read Access to API #1"),
new ApiScope("weatherforecasts.write", "Write Access to API #1")
})
.AddTestUsers(new List<IdentityServer4.Test.TestUser>
{
new IdentityServer4.Test.TestUser
{
SubjectId = "5BE86359-073C-434B-AD2D-A3932222DABE",
Username = "Pieterjan",
Password = "password",
Claims = new List<System.Security.Claims.Claim> {
new System.Security.Claims.Claim(IdentityModel.JwtClaimTypes.Email, "pieterjan@example.com"),
new System.Security.Claims.Claim(IdentityModel.JwtClaimTypes.Role, "admin")
}
}
})
.AddDeveloperSigningCredential();
isb
.AddOperationalStore(options =>
{
options.ConfigureDbContext = (builder) => builder.UseInMemoryDatabase("SsoCentral");
})
.AddConfigurationStore(options =>
{
options.ConfigureDbContext = (builder) => builder.UseInMemoryDatabase("SsoCentral");
});
isb.AddAspNetIdentity<IdentityUser>();
上面的代码肯定是被调用了,所以oauthClient应该是肯定存在的。也肯定启用了客户端。
This is the code 在身份项目的 Startup 中:
services
.AddAuthentication(options =>
{
})
.AddOAuth<CentralOptions, CentralHandler>("central", options =>
{
options.ClaimsIssuer = "https://localhost:44359"; // This is the URL of the IdentityProvider
options.SaveTokens = true;
options.ClientId = "oauthClient";
options.ClientSecret = "SuperSecretPassword";
options.Scope.Add("weatherforecasts.read");
options.UsePkce = true;
});
我该如何解决这个错误?有谁知道如何找出这里出了什么问题吗?
我还需要在此处配置的基础上使用 OpenIdConnect 吗?
更新:
我添加了一个调用只是为了从 IS4 ClientStore 获取客户端:
[HttpGet("Clients")]
public async Task<IActionResult> GetClients()
{
//var client = await clientStore.FindClientByIdAsync("SsoApplicationClient");
var _inner = (IdentityServer4.EntityFramework.Stores.ClientStore)clientStore.GetType().GetField("_inner", System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Instance).GetValue(clientStore);
var Context = (IdentityServer4.EntityFramework.DbContexts.ConfigurationDbContext)_inner.GetType().GetField("Context", System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Instance).GetValue(_inner);
var Clients = Context.Clients;
return Ok(Clients);
}
令我惊讶的是,我从中得到的是一个完全空的列表:
好的,当你有以下配置时:
services.AddIdentityServer()
...
.AddOperationalStore(options =>
{
options.ConfigureDbContext = (builder) => builder.UseInMemoryDatabase("SsoCentral");
})
.AddConfigurationStore(options =>
{
options.ConfigureDbContext = (builder) => builder.UseInMemoryDatabase("SsoCentral");
})
InMemoryClient 已不存在。刚刚将其注释掉,它现在似乎可以正常工作了。