身份服务器 OAuth 资源所有者密码授予总是返回 invalid_client
[英]Identity Server OAuth Resource Owner Password Grant always returns invalid_client
问题描述
new Client
{
ClientId = "esmifavorito",
ClientName = "esmifavorito-client",
Enabled = true,
ClientSecrets = new List<ClientSecret>
{
new ClientSecret("esmifavorito".Sha256()) //PQ/pIgjXnBfK67kOxGxz9Eykft6CKPkPewR3jUNEkZo=
},
Flow = Flows.ResourceOwner,
//RequireConsent = false,
//AllowRememberConsent = false,
//ClientUri = "http",
RedirectUris = new List<string>
{
"https://localhost:44304",
},
ScopeRestrictions = new List<string>
{
},
AllowedCorsOrigins = new List<string>
{
"https://localhost:44304",
"http://localhost:50655",
"chrome-extension://fdmmgilgnpjigdojojpjoooidkmcomcm",
"*",
},
PostLogoutRedirectUris = new List<string>
{
"https://localhost:44304",
},
AccessTokenType = AccessTokenType.Jwt,
IdentityTokenLifetime = 3000,
AccessTokenLifetime = 3600,
AuthorizationCodeLifetime = 300
}
I have registered my client, with implicit flow it works but I need to implement a login form so I'm trying Resource owner password credentials grant.
我已经注册了我的客户端,它可以使用隐式流程,但我需要实现一个登录表单,所以我正在尝试资源所有者密码凭据授予。 I'm doing requests to the endpoint with Postman in Chrome (that's why I added the chrome-extension to CORS, just to see if that was the error...)我正在 Chrome 中使用 Postman 向端点发出请求(这就是我将 chrome 扩展添加到 CORS 的原因,只是为了看看这是否是错误......)
I've tried a lot of requests (using https)我已经尝试了很多请求(使用 https)
POST /connect/token HTTP/1.1
Host: localhost:44302
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
grant_type=password&username=test&password=testuser&client_id=esmifavorito
- ——
POST /connect/token HTTP/1.1
Host: localhost:44302
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
grant_type=password&username=test&password=testuser&client_id=esmifavorito&client_secret=PQ%2FpIgjXnBfK67kOxGxz9Eykft6CKPkPewR3jUNEkZo%3D
- ——
POST /connect/token HTTP/1.1
Host: localhost:44302
Authorization: Basic ZXNtaWZhdm9yaXRvOlBRL3BJZ2pYbkJmSzY3a094R3h6OUV5a2Z0NkNLUGtQZXdSM2pVTkVrWm89
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
grant_type=password&username=test&password=testuser
Those should have worked but I'm always getting invalid_client那些应该有效,但我总是收到 invalid_client
The error log is empty, I don't know if I have done the tracer registration right错误日志是空的,不知道是不是我把tracer注册做对了
LogProvider.SetCurrentLogProvider(new DiagnosticsTraceLogProvider());
app.UseIdentityServer(new IdentityServerOptions
{
LoggingOptions = new LoggingOptions {
IncludeSensitiveDataInLogs = true,
WebApiDiagnosticsIsVerbose = true,
EnableWebApiDiagnostics = true,
//EnableHttpLogging = true
},
SiteName = "Thinktecture IdentityServer3 - UserService-AspNetIdentity",
SigningCertificate = Certificate.Get(string.Format(@"{0}\bin\IdentityServer\IdentityServerEMFDev.pfx", AppDomain.CurrentDomain.BaseDirectory), "KG0yM0At"),
Factory = idSvrFactory,
CorsPolicy = CorsPolicy.AllowAll,
AuthenticationOptions = new AuthenticationOptions
{
IdentityProviders = ConfigureAdditionalIdentityProviders,
},
}
);
With this in web.config有了这个在 web.config
<trace autoflush="true"
indentsize="4">
<listeners>
<add name="myListener"
type="System.Diagnostics.TextWriterTraceListener"
initializeData="Trace.log" />
<remove name="Default" />
</listeners>
</trace>
The client data is correct since I have succesfuly logged in with implicit flow.客户端数据是正确的,因为我已经使用隐式流成功登录。 What am I missing?我错过了什么? This is getting on my nerves, I'm reading the OAuth RFC and I don't see why this shouldn't work.这让我很紧张,我正在阅读 OAuth RFC,但我不明白为什么这不起作用。
3 个解决方案
解决方案1
2 2015-06-22 23:20:11
I tried the new version of Postman (I don't know its number, but now it runs on the desktop as a chrome app), I copied the values from the old Postman version and now everything works. 我尝试了新版本的Postman(我不知道其编号,但是现在它作为chrome应用程序在桌面上运行),我复制了旧Postman版本中的值,现在一切正常。
POST /connect/token HTTP/1.1
Host: localhost:44302
Authorization: Basic ZXNtaWZhdm9yaXRvOmVzbWlmYXZvcml0bw==
Cache-Control: no-cache
Postman-Token: fc4acc63-29f2-6a37-b92c-b62034b13c29
Content-Type: application/x-www-form-urlencoded
grant_type=password&username=test&password=testuser&scope=write
This is the resulting request. 这是结果请求。 In Postman 1 I have the same thing (excluding the Postman-Token ) and it gives me invalid_client. 在Postman 1中,我有同样的事情(不包括Postman-Token ),它给了我invalid_client。 I even used a similar Firefox tool with the same results. 我什至使用了具有相似结果的类似Firefox工具。 I don't know how is this possible. 我不知道这怎么可能。 Could it be something with the chrome-extension:// ? 可能是chrome-extension://吗?
I'm gonna answer myself but if someone knows what is happening here I'll be eternally grateful. 我要回答自己,但如果有人知道这里发生了什么,我将永远感激不已。
解决方案2
0 2016-10-07 20:36:25
It seems per this article that Authorization must be sent in the header 看来这篇文章必须在标头中发送授权
https://github.com/IdentityServer/IdentityServer3/issues/1520 https://github.com/IdentityServer/IdentityServer3/issues/1520
解决方案3
0 2021-12-17 11:39:42
In my case I had the same problem and I noticed it was due to my HttpClient setting a "custom" authorization header.就我而言,我遇到了同样的问题,我注意到这是由于我的 HttpClient 设置了“自定义”授权标头。
If using IdentityModel to request the resource owner password token, notice the Authorization header must contain client_id:client_secret in base 64.如果使用 IdentityModel 请求资源所有者密码令牌,请注意 Authorization 标头必须包含 base64 中的client_id:client_secret 。
In my case I was setting a different authorization header and, although the body values were correct, the IResourceOwnerPasswordValidator was not even attempting to validate the request.在我的例子中,我设置了一个不同的授权标头,虽然正文值是正确的,但IResourceOwnerPasswordValidator甚至没有尝试验证请求。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.