今天我使用IdentityServer4的演示构建了一个验证服务器,我可以使用OpenID登录客户端的ASP.NET Core客户端。
但是,我无法使用OpenID登录我的ASP.NET MVC5客户端。提示错误为:invalid_request。
以下是我的IdentityServer4配置代码,其中包含getclient()函数。
但是,我无法使用OpenID登录我的ASP.NET MVC5客户端。提示错误为:invalid_request。
以下是我的IdentityServer4配置代码,其中包含getclient()函数。
// clients want to access resources (aka scopes)
public static IEnumerable<Client> GetClients()
{
// client credentials client
return new List<Client>
{
// OpenID Connect hybrid flow and client credentials client (MVC)
new Client
{
ClientId = "mvc",
ClientName = "MVC Client",
AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
RequireConsent = true,
ClientSecrets =
{
new Secret("secret".Sha256())
},
RedirectUris = { "http://localhost:5002/signin-oidc" },
PostLogoutRedirectUris = { "http://localhost:5002/signout-callback-oidc" },
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
"api1"
},
AllowOfflineAccess = true
}
};
}
}
以下是我的asp.net mvc5客户端ConfigureAuth()代码,因为idenetiyServer4将ClientSecrets定义为"secret".Sha256(),所以在这个mvc客户端中,我设置了ClientSecret = GetSHA256HashFromString("secret"),我创建了私有方法GetSHA256HashFromString()来将字符串转换为sha256。
以下是我的代码:
public void ConfigureAuth(IAppBuilder app)
{
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "Cookies"
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
AuthenticationType = "oidc",
SignInAsAuthenticationType = "Cookies",
Authority = "http://localhost:5000", //ID Server SSO Server
ClientId = "mvc",
ClientSecret = GetSHA256HashFromString("secret"),
ResponseType = "code id_token",
RedirectUri = "http://localhost:5002/signin-oidc", //URL of Client website
PostLogoutRedirectUri = "http://localhost:5002/signout-callback-oidc", //URL of Client website
Scope = "api1",
AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Active,
RequireHttpsMetadata = false,
});
我按下F5运行MVC客户端,然后点击登录按钮,浏览器可以跳转到localhost:5000,但是它给了我一个错误:
抱歉,出现了一个错误:invalid_request,其他错误信息如下: 请求ID:0HL9RHBTJIT3T:00000003**
非常感谢。