Identity Server connect/token unsupported grant_type error
I have created an identity server using .NET Core 3.1, but I get this error when I try to obtain a token.
This is my appsettings.json file:
  "Clients": [
    {
      "ClientId": "portal-api",
      "AlwaysIncludeUserClaimsInIdToken": true,
      "AllowOfflineAccess": true, //support refresh tokens
      "AccessTokenLifetime": 3600,
      "RequireConsent": false,
      "ClientSecrets": [ { "Value": "lxl76J788Cvf1ds8CQJuFYGwTi7e3BXGCRK2JIUekmk=" } ],
      "AllowedGrantTypes": [ "password", "code" ],
      "AllowedScopes": [ "rest.auth" ],
      "RefreshTokenUsage": "OneTimeOnly",
      "RequireClientSecret": true,
      "Enabled": true
    }
  ]
},
If you look here, you will see that the app settings should start with an IdentityServer object, e.g.:
"IdentityServer": {
  "IssuerUri": "urn:sso.company.com",
  "Clients": [
    {
      "Enabled": true,
      "ClientId": "local-dev",
      "ClientName": "Local Development",
      "ClientSecrets": [ { "Value": "<Insert Sha256 hash of the secret encoded as Base64 string>" } ],
      "AllowedGrantTypes": [ "client_credentials" ],
      "AllowedScopes": [ "api1" ]
    }
  ]
}
Not directly related to your question, but using the password grant goes against current best practice; see https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-18#section-2.4 for details.
I would also advise against allowing multiple grant types for a single client, since that widens the possible attack surface.
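The following is an added example and is not part of the question or the answer above. It takes the question's client, wraps it in the "IdentityServer" object the answer describes, and replaces the "password" + "code" pair with the single code-flow grant (IdentityServer4 names that grant "authorization_code", via GrantType.AuthorizationCode). It then binds the file the same way AddInMemoryClients(IConfigurationSection) does at startup, so the effect of the section path on what gets registered is visible, and shows how to produce the hashed ClientSecrets value the answer's placeholder asks for. It assumes .NET Core 3.1 with the IdentityServer4 4.x package (Microsoft.Extensions.Configuration.Json and .Binder ship in the shared framework); the "openid" scope, the RequirePkce setting, the redirect URI and the sample secret are assumptions for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text;
using IdentityServer4.Models;                 // Client, HashExtensions.Sha256()
using Microsoft.Extensions.Configuration;

public static class IdentityServerConfigCheck
{
    // Constructed sample: the question's client nested under "IdentityServer" as the answer
    // says, with one grant type instead of "password" + "code". IdentityServer4's constant
    // for the code flow is "authorization_code"; "openid", RequirePkce and RedirectUris are
    // assumptions added so the client is usable with that flow.
    public const string CorrectedAppSettings = @"{
  ""IdentityServer"": {
    ""IssuerUri"": ""urn:sso.company.com"",
    ""ApiScopes"": [ { ""Name"": ""rest.auth"" } ],
    ""Clients"": [
      {
        ""Enabled"": true,
        ""ClientId"": ""portal-api"",
        ""ClientSecrets"": [ { ""Value"": ""<Insert Sha256 hash of the secret encoded as Base64 string>"" } ],
        ""AllowedGrantTypes"": [ ""authorization_code"" ],
        ""RequirePkce"": true,
        ""RedirectUris"": [ ""https://portal.example.com/signin-oidc"" ],
        ""AllowedScopes"": [ ""openid"", ""rest.auth"" ],
        ""AllowOfflineAccess"": true,
        ""RefreshTokenUsage"": ""OneTimeOnly"",
        ""AccessTokenLifetime"": 3600,
        ""RequireClientSecret"": true,
        ""RequireConsent"": false
      }
    ]
  }
}";

    // The same binding AddInMemoryClients(IConfigurationSection) performs at startup:
    // the section path given in code must match the nesting in the JSON file.
    public static List<Client> LoadClients(string json, string sectionPath)
    {
        var config = new ConfigurationBuilder()
            .AddJsonStream(new MemoryStream(Encoding.UTF8.GetBytes(json)))
            .Build();
        var clients = new List<Client>();
        config.GetSection(sectionPath).Bind(clients);
        return clients;
    }

    // ClientSecrets[].Value holds Base64(SHA-256(secret)); IdentityServer4 hashes the
    // secret presented to /connect/token the same way before comparing the two.
    public static string SecretForConfig(string plaintextSecret) => plaintextSecret.Sha256();

    public static void Main()
    {
        // A path that does not match the nesting binds nothing, so no client, grant type
        // or scope is ever registered (the question's top-level "Clients" array read via
        // "IdentityServer:Clients" fails the same way in reverse).
        Console.WriteLine($"Clients under 'Clients':                {LoadClients(CorrectedAppSettings, "Clients").Count}");
        var clients = LoadClients(CorrectedAppSettings, "IdentityServer:Clients");
        Console.WriteLine($"Clients under 'IdentityServer:Clients': {clients.Count}");

        var portal = clients.Single(c => c.ClientId == "portal-api");
        Console.WriteLine($"Grant types: {string.Join(", ", portal.AllowedGrantTypes)}; PKCE: {portal.RequirePkce}");

        // Value to paste into ClientSecrets[].Value for a hypothetical secret.
        Console.WriteLine($"Hashed secret: {SecretForConfig("change-me-in-production")}");
    }
}
```

In Startup.ConfigureServices the same path is what you hand to IdentityServer: services.AddIdentityServer().AddInMemoryApiScopes(Configuration.GetSection("IdentityServer:ApiScopes")).AddInMemoryClients(Configuration.GetSection("IdentityServer:Clients")). Keep the plaintext secret out of the repository; only the hashed value belongs in appsettings.json, and a secret store or environment variable is the better home for it in production.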