我正在使用 IdentityServer4,遵循以下文档https://identityserver4.readthedocs.io/en/latest/quickstarts/1_client_credentials.html https://identityserver4.readthedocs.io/en/latest/quickstarts/1_client_credentials.html
但我得到了invalid_scope
使用的客户端中出现错误IdentityModel
当使用客户端凭据请求令牌时。
可能我错过了某些步骤,但我已经检查了好几次了。
奇怪的是,身份服务器端点显示以下日志:
Invalid scopes requested, {"ClientId": "client", "ClientName": null, "GrantType": "client_credentials", "Scopes": null, "AuthorizationCode": null, "RefreshToken": null, "UserName": null, "AuthenticationContextReferenceClasses": null, "Tenant": null, "IdP": null, "Raw": {"grant_type": "client_credentials", "scope": "api1", "client_id": "client", "client_secret": "***REDACTED***"}, "$type": "TokenRequestValidationLog"}
这并不奇怪Scopes
is null
以及后来scope
有api1
value?
我正在使用内存值。
public static class Config
{
public static IEnumerable<IdentityResource> Ids =>
new IdentityResource[]
{
new IdentityResources.OpenId()
};
public static IEnumerable<ApiResource> Apis =>
new List<ApiResource>
{
new ApiResource("api1", "My Api")
};
public static IEnumerable<Client> Clients =>
new List<Client>
{
new Client
{
ClientId = "client",
AllowedGrantTypes = GrantTypes.ClientCredentials,
ClientSecrets =
{
new Secret("secret".Sha256())
},
AllowedScopes = { "api1" }
}
};
}
and
public void ConfigureServices(IServiceCollection services)
{
// uncomment, if you want to add an MVC-based UI
//services.AddControllersWithViews();
var builder =
services
.AddIdentityServer()
.AddInMemoryApiResources(Config.Apis)
.AddInMemoryClients(Config.Clients)
.AddInMemoryIdentityResources(Config.Ids);
// not recommended for production - you need to store your key material somewhere secure
builder.AddDeveloperSigningCredential();
}
public void Configure(IApplicationBuilder app)
{
if (Environment.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
// uncomment if you want to add MVC
//app.UseStaticFiles();
//app.UseRouting();
app.UseIdentityServer();
// uncomment, if you want to add MVC
//app.UseAuthorization();
//app.UseEndpoints(endpoints =>
//{
// endpoints.MapDefaultControllerRoute();
//});
}
我可以看到众所周知的配置,尽管它没有提到 api1 作为受支持的范围。
这是客户
var client = new HttpClient();
var discovery =
await client.GetDiscoveryDocumentAsync("https://localhost:5001");
if (discovery.IsError)
{
await Console.Out.WriteLineAsync("Discovery error");
return;
}
// request token
var clientCredentialsTokenRequest =
new ClientCredentialsTokenRequest
{
Address = discovery.TokenEndpoint,
ClientId = "client",
ClientSecret = "secret",
Scope = "api1"
};
var tokenResponse =
await client.RequestClientCredentialsTokenAsync(clientCredentialsTokenRequest);
我是否缺少任何其他东西来进行最基本的示例工作?
更新1:
好的,我已将 Identity Server 降级到 3.1.3,它可以正常工作。
对于 Identity Server 4.0.0 版本,某些内容必须发生变化。会去那里调查。