将 Xamarin 客户端连接到 Identity Server4

Question

I am trying to connect a native mobile app(xamarin) to Identity Server.我正在尝试将本机移动应用程序（xamarin）连接到 Identity Server。 I had initially set the flow to be implicit, and I was told its incorrect.我最初将流程设置为隐式，但有人告诉我它不正确。 Hence I changed it Authorization Code flow.因此我改变了它的授权码流程。

Here is how my client definition looks like这是我的客户端定义的样子

 new Client
     {
         ClientId = "Xamarin",
         ClientName = "Xamarin Client",
         AllowedGrantTypes = GrantTypes.Code,
         AllowAccessTokensViaBrowser = true,
         RedirectUris = { "http://xx.xx.xx.xx/signin-oidc" },
         PostLogoutRedirectUris = { "http://xx.xx.xx.xx/signin-oidc" },
         AllowedCorsOrigins = { "http://xx.xx.xx.xx" },
         AllowedScopes =
           {
              StandardScopes.OpenId.Name,
              StandardScopes.Profile.Name,
              "api1"
           },
         RequireConsent = false
      }

And from my xamarin app, this is how I connect to the identity server.从我的 xamarin 应用程序中，这就是我连接到身份服务器的方式。

void LoginButton_Clicked(object sender, EventArgs e)
    {
        StartFlow("token", "api1");
    }

    public void StartFlow(string responseType, string scope)
    {
        var authorizeRequest =
            new AuthorizeRequest("http://xx.xx.xx.xx/connect/authorize");


        var dic = new Dictionary<string, string>();
        dic.Add("client_id", "Xamarin");
        dic.Add("response_type", responseType);
        dic.Add("scope", scope);
        dic.Add("redirect_uri", "http://xx.xx.xx.xx/signin-oidc");
        dic.Add("nonce", Guid.NewGuid().ToString("N"));


        _currentCSRFToken = Guid.NewGuid().ToString("N");
        dic.Add("state", _currentCSRFToken);

        var authorizeUri = authorizeRequest.Create(dic);
        webLogin.Source = authorizeUri;
        webLogin.IsVisible = true;
    }

I get the the error "unauthorized_client" in the mobile app, and in my logs in server is shows:我在移动应用程序中收到错误“unauthorized_client”，并且在我的服务器登录中显示：

fail: IdentityServer4.Validation.AuthorizeRequestValidator[0]
  Invalid grant type for client: implicit
  {
    "ClientId": "Xamarin",
    "ClientName": "Xamarin Client",
    "RedirectUri": "http://xx.xx.xx.xx/signin-oidc",
    "AllowedRedirectUris": [
      "http://xx.xx.xx.xx/signin-oidc"
    ],
    "SubjectId": "anonymous",
    "ResponseType": "token",
    "ResponseMode": "fragment",
    "GrantType": "implicit",
    "RequestedScopes": "",
    "State": "5c53c5e5bbe44c0f8c5d4b401df0938e",
    "Raw": {
      "client_id": "Xamarin",
      "response_type": "token",
      "scope": "api1",
      "redirect_uri": "http://xx.xx.xx.xx/signin-oidc",
      "nonce": "49f21e8873d744bea76f6f00ebae3eb4",
      "state": "5c53c5e5bbe44c0f8c5d4b401df0938e"
    }
  }
  fail: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
  Request validation failed
  info: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
  {
    "ClientId": "Xamarin",
    "ClientName": "Xamarin Client",
    "RedirectUri": "http://xx.xx.xx.xx/signin-oidc",
    "AllowedRedirectUris": [
      "http://xx.xx.xx.xx/signin-oidc"
    ],
    "SubjectId": "anonymous",
    "ResponseType": "token",
    "ResponseMode": "fragment",
    "GrantType": "implicit",
    "RequestedScopes": "",
    "State": "5c53c5e5bbe44c0f8c5d4b401df0938e",
    "Raw": {
      "client_id": "Xamarin",
      "response_type": "token",
      "scope": "api1",
      "redirect_uri": "http://xx.xx.xx.xx/signin-oidc",
      "nonce": "49f21e8873d744bea76f6f00ebae3eb4",
      "state": "5c53c5e5bbe44c0f8c5d4b401df0938e"
    }
  }

But if you check my code I do not have a implict flow for this client type.但是如果你检查我的代码，我没有这个客户端类型的隐式流程。 And I have double checked my database to ensure that it is authorization_code.我已经仔细检查了我的数据库以确保它是authorization_code。 I appreciate if someone could help me fixing this.如果有人能帮我解决这个问题，我很感激。

Answer 1

It does not look as though idsrv4 supports code , code token nor code id_token token as response_type at the moment - only code id_token .目前看来 idsrv4 并不支持code 、 code token或code id_token token作为response_type - 仅code id_token 。 At least the current demo site fails when trying the test client and a /authorize request using the server.code client.至少当前的演示站点在使用server.code客户端尝试测试客户端和/authorize请求时失败。

The only working client I found related to authorization code was with a Hybrid setup ( code id_token / server.hybrid ):我发现与授权代码相关的唯一工作客户端是混合设置（ code id_token / server.hybrid ）：

https://demo.identityserver.io/connect/authorize?
  client_id=server.hybrid&
  response_type=code id_token&
  response_mode=fragment&
  redirect_uri=https://notused&
  scope=openid api&
  state=1&
  nonce=2

Not sure why that is, as it's already in the list of supported_response_types in the discovery document.不知道为什么会这样，因为它已经在发现文档中的supported_response_types列表中。 Maybe Dominic/Brock can fill in.也许多米尼克/布洛克可以填补。

  "response_types_supported": [
    "code",
    "token",
    "id_token",
    "id_token token",
    "code id_token",
    "code token",
    "code id_token token"
  ],

Non working code flow auth request ( unsupported_response_type ):非工作代码流身份验证请求（ unsupported_response_type ）：

https://demo.identityserver.io/connect/authorize?
  client_id=server.code&
  response_type=code&
  response_mode=fragment&
  redirect_uri=https://notused&
  scope=openid api&
  state=1&
  nonce=2

将 Xamarin 客户端连接到 Identity Server4

问题描述

1 个解决方案

解决方案1
3 已采纳 2017-01-18 18:45:29

将 Xamarin 客户端连接到 Identity Server4

问题描述

1 个解决方案

解决方案1 3 已采纳 2017-01-18 18:45:29

解决方案1
3 已采纳 2017-01-18 18:45:29