OAuth2Client clientId and clientSecret not set
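I have set up a working IdentityServer 3; everything works except for the refresh token I am trying to add.
I am not posting the whole code because I think I have spotted the error: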
var tokenClient = new OAuth2Client(new Uri("https://myServer/myIdentityServer/connect/token"), "clientId", "secretWord");
var response = await tokenClient.RequestAuthorizationCodeAsync(n.Code, n.RedirectUri);
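I get an error on the second line. While debugging, I found that the tokenClient variable contains some private properties that are set to null but should not be: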
_address: {https://myServer/myIdentityServer/connect/token}
_authenticationStyle: None
_client: {System.Net.Http.HttpClient}
_clientId: null
_clientSecret: null
Why are _clientId and _clientSecret set to null? I passed the 2 parameters directly to the OAuth2Client constructor. Am I doing something wrong here?
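Update: following Scott Brady's suggestion, I also tried using the TokenClient class from IdentityModel. Nothing changed; the response variable reports an HttpError "Internal Server Error".
From the IdentityServer side everything seems fine. The log for the first part of the request is fine: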
2015-11-10 14:31:36.737 +01:00 [Information] Start authorize request
2015-11-10 14:31:36.737 +01:00 [Information] Start authorize request protocol validation
2015-11-10 14:31:36.738 +01:00 [Information] "Authorize request validation success"
"{
\"ClientId\": \"hybridclient\",
\"ClientName\": \"Hybrid Client Example\",
\"RedirectUri\": \"https://rbmidde02.xxx.com/miIdentityClient/\",
\"AllowedRedirectUris\": [
\"https://rbmidde02.xxx.com/miIdentityClient/\"
],
\"SubjectId\": \"1\",
\"ResponseType\": \"code id_token token\",
\"ResponseMode\": \"form_post\",
\"Flow\": \"Hybrid\",
\"RequestedScopes\": \"openid profile email roles offline_access\",
\"State\": \"OpenIdConnect.AuthenticationProperties=joIq4Na_pIjM1dGht8LPOhXbzPjnHnlFgOPll_oxPbAH9GIuFQ5SKHUZWgRFUih_OFGTWxmi8I_Fu7pS_t_V_R2cNDa7l6r0eQ4RfgTosHHhmdpfm-0YuAO-N5q_16WyqesLPckv6HrB7ruZ64m8Vu4mpA80RYjc46xalOdzkyrKQLlmt_AwlWGA6XY-B2P3WpVvcP_tZQywdMEFS9uF-ucK07UOeUwO6nV8QXGJ-g31WhmM4D1I83O3EaYnoB2Xf6bOAMJuMySTywwQQ-bdd-tiOoRsusqSuc-JeeOiZvY\",
\"Nonce\": \"635827590967269474.ZmM0NjgwYzMtZTYwMC00MmI5LTk5YzUtZjdhMmQ4MTkyZTUwNDBjZTkwYzEtYTBlNy00MDM2LTk4ZjUtMWEzYmZjZmZmMTc2\",
\"SessionId\": \"7eb1b6356ef9ecb843dde1afdb239d9e\",
\"Raw\": {
\"client_id\": \"hybridclient\",
\"redirect_uri\": \"https://rbmidde02.xxx.com/miIdentityClient/\",
\"response_mode\": \"form_post\",
\"response_type\": \"code id_token token\",
\"scope\": \"openid profile email roles offline_access\",
\"state\": \"OpenIdConnect.AuthenticationProperties=joIq4Na_pIjM1dGht8LPOhXbzPjnHnlFgOPll_oxPbAH9GIuFQ5SKHUZWgRFUih_OFGTWxmi8I_Fu7pS_t_V_R2cNDa7l6r0eQ4RfgTosHHhmdpfm-0YuAO-N5q_16WyqesLPckv6HrB7ruZ64m8Vu4mpA80RYjc46xalOdzkyrKQLlmt_AwlWGA6XY-B2P3WpVvcP_tZQywdMEFS9uF-ucK07UOeUwO6nV8QXGJ-g31WhmM4D1I83O3EaYnoB2Xf6bOAMJuMySTywwQQ-bdd-tiOoRsusqSuc-JeeOiZvY\",
\"nonce\": \"635827590967269474.ZmM0NjgwYzMtZTYwMC00MmI5LTk5YzUtZjdhMmQ4MTkyZTUwNDBjZTkwYzEtYTBlNy00MDM2LTk4ZjUtMWEzYmZjZmZmMTc2\"
}
}"
2015-11-10 14:31:36.738 +01:00 [Information] Creating Hybrid Flow response.
2015-11-10 14:31:36.738 +01:00 [Information] Creating Implicit Flow response.
2015-11-10 14:31:36.749 +01:00 [Information] Getting claims for identity token for subject: 1
2015-11-10 14:31:36.757 +01:00 [Information] End authorize request
2015-11-10 14:31:36.757 +01:00 [Information] Posting to https://rbmidde02.xxx.com/miIdentityClient/
But the second part seems OK too:
2015-11-10 14:31:36.905 +01:00 [Information] Start userinfo request
2015-11-10 14:31:36.905 +01:00 [Information] Token found: AuthorizationHeader
2015-11-10 14:31:36.905 +01:00 [Information] Start access token validation
2015-11-10 14:31:36.906 +01:00 [Information] "Token validation success"
"{
\"ValidateLifetime\": true,
\"AccessTokenType\": \"Jwt\",
\"ExpectedScope\": \"openid\",
\"Claims\": {
\"client_id\": \"hybridclient\",
\"scope\": [
\"openid\",
\"profile\",
\"email\",
\"roles\",
\"offline_access\"
],
\"sub\": \"1\",
\"amr\": \"password\",
\"auth_time\": \"1447153048\",
\"idp\": \"idsrv\",
\"iss\": \"https://rbmidde02.xxx.com/miIdentityServer\",
\"aud\": \"https://rbmidde02.xxx.com/miIdentityServer/resources\",
\"exp\": \"1447165896\",
\"nbf\": \"1447162296\"
}
}"
2015-11-10 14:31:36.907 +01:00 [Information] Creating userinfo response
2015-11-10 14:31:36.907 +01:00 [Information] Scopes in access token: "openid profile email roles offline_access"
2015-11-10 14:31:36.907 +01:00 [Information] Requested claim types: "sub name family_name given_name middle_name nickname preferred_username profile picture website gender birthdate zoneinfo locale updated_at email email_verified role"
2015-11-10 14:31:36.907 +01:00 [Information] Profile service returned to the following claim types: "sub given_name family_name email role role preferred_username"
2015-11-10 14:31:36.907 +01:00 [Information] End userinfo request
2015-11-10 14:31:36.907 +01:00 [Information] Returning userinfo response.
The response on the IdentityServer side is fine; I don't understand why there is an Internal Server Error on the client side.
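I don't have much experience with the OAuth2Client class. However, I do know that the TokenClient class from IdentityModel works with Identity Server, using almost the same code as above.
I'd suggest giving it a try, since it is made by the same team as Identity Server.
See here for example usage and the GitHub repository.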
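An added example, not part of the question or the answer and not the code of either library: under RFC 6749 section 2.3.1, the authorization-code exchange can carry the client credentials either in an HTTP Basic Authorization header or as client_id/client_secret form fields. Building both requests with plain System.Net.Http types shows where the credentials end up in each style. The endpoint, client id and secret are the placeholders from the question; the code and redirect_uri values are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Threading.Tasks;

static class TokenRequestDemo
{
    // Placeholders taken from the question.
    const string TokenEndpoint = "https://myServer/myIdentityServer/connect/token";
    const string ClientId = "clientId";
    const string ClientSecret = "secretWord";

    // Builds the authorization_code token request in one of the two client authentication styles.
    static HttpRequestMessage Build(bool credentialsInBody)
    {
        var form = new Dictionary<string, string>
        {
            ["grant_type"] = "authorization_code",
            ["code"] = "SAMPLE_CODE",                              // constructed value
            ["redirect_uri"] = "https://client.example/callback"   // constructed value
        };
        var request = new HttpRequestMessage(HttpMethod.Post, TokenEndpoint);
        if (credentialsInBody)
        {
            // Post-body style: the credentials are ordinary form fields.
            form["client_id"] = ClientId;
            form["client_secret"] = ClientSecret;
        }
        else
        {
            // Basic style: the credentials exist only in the Authorization header.
            // These sample values contain no characters that need encoding first.
            var raw = Encoding.UTF8.GetBytes(ClientId + ":" + ClientSecret);
            request.Headers.Authorization =
                new AuthenticationHeaderValue("Basic", Convert.ToBase64String(raw));
        }
        request.Content = new FormUrlEncodedContent(form);
        return request;
    }

    static async Task Main()
    {
        foreach (var inBody in new[] { false, true })
            using (var request = Build(inBody))
            {
                Console.WriteLine(inBody ? "-- credentials in form body" : "-- HTTP Basic");
                Console.WriteLine("Authorization: " + (request.Headers.Authorization?.ToString() ?? "(none)"));
                Console.WriteLine(await request.Content.ReadAsStringAsync());
            }
    }
}
```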