[英]Connecting Xamarin client to Identity Server4
I am trying to connect a native mobile app(xamarin) to Identity Server.我正在尝试将本机移动应用程序(xamarin)连接到 Identity Server。 I had initially set the flow to be implicit, and I was told its incorrect.
我最初将流程设置为隐式,但有人告诉我它不正确。 Hence I changed it Authorization Code flow.
因此我改变了它的授权码流程。
Here is how my client definition looks like这是我的客户端定义的样子
new Client
{
ClientId = "Xamarin",
ClientName = "Xamarin Client",
AllowedGrantTypes = GrantTypes.Code,
AllowAccessTokensViaBrowser = true,
RedirectUris = { "http://xx.xx.xx.xx/signin-oidc" },
PostLogoutRedirectUris = { "http://xx.xx.xx.xx/signin-oidc" },
AllowedCorsOrigins = { "http://xx.xx.xx.xx" },
AllowedScopes =
{
StandardScopes.OpenId.Name,
StandardScopes.Profile.Name,
"api1"
},
RequireConsent = false
}
And from my xamarin app, this is how I connect to the identity server.从我的 xamarin 应用程序中,这就是我连接到身份服务器的方式。
void LoginButton_Clicked(object sender, EventArgs e)
{
StartFlow("token", "api1");
}
public void StartFlow(string responseType, string scope)
{
var authorizeRequest =
new AuthorizeRequest("http://xx.xx.xx.xx/connect/authorize");
var dic = new Dictionary<string, string>();
dic.Add("client_id", "Xamarin");
dic.Add("response_type", responseType);
dic.Add("scope", scope);
dic.Add("redirect_uri", "http://xx.xx.xx.xx/signin-oidc");
dic.Add("nonce", Guid.NewGuid().ToString("N"));
_currentCSRFToken = Guid.NewGuid().ToString("N");
dic.Add("state", _currentCSRFToken);
var authorizeUri = authorizeRequest.Create(dic);
webLogin.Source = authorizeUri;
webLogin.IsVisible = true;
}
I get the the error "unauthorized_client" in the mobile app, and in my logs in server is shows:我在移动应用程序中收到错误“unauthorized_client”,并且在我的服务器登录中显示:
fail: IdentityServer4.Validation.AuthorizeRequestValidator[0]
Invalid grant type for client: implicit
{
"ClientId": "Xamarin",
"ClientName": "Xamarin Client",
"RedirectUri": "http://xx.xx.xx.xx/signin-oidc",
"AllowedRedirectUris": [
"http://xx.xx.xx.xx/signin-oidc"
],
"SubjectId": "anonymous",
"ResponseType": "token",
"ResponseMode": "fragment",
"GrantType": "implicit",
"RequestedScopes": "",
"State": "5c53c5e5bbe44c0f8c5d4b401df0938e",
"Raw": {
"client_id": "Xamarin",
"response_type": "token",
"scope": "api1",
"redirect_uri": "http://xx.xx.xx.xx/signin-oidc",
"nonce": "49f21e8873d744bea76f6f00ebae3eb4",
"state": "5c53c5e5bbe44c0f8c5d4b401df0938e"
}
}
fail: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
Request validation failed
info: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
{
"ClientId": "Xamarin",
"ClientName": "Xamarin Client",
"RedirectUri": "http://xx.xx.xx.xx/signin-oidc",
"AllowedRedirectUris": [
"http://xx.xx.xx.xx/signin-oidc"
],
"SubjectId": "anonymous",
"ResponseType": "token",
"ResponseMode": "fragment",
"GrantType": "implicit",
"RequestedScopes": "",
"State": "5c53c5e5bbe44c0f8c5d4b401df0938e",
"Raw": {
"client_id": "Xamarin",
"response_type": "token",
"scope": "api1",
"redirect_uri": "http://xx.xx.xx.xx/signin-oidc",
"nonce": "49f21e8873d744bea76f6f00ebae3eb4",
"state": "5c53c5e5bbe44c0f8c5d4b401df0938e"
}
}
But if you check my code I do not have a implict flow for this client type.但是如果你检查我的代码,我没有这个客户端类型的隐式流程。 And I have double checked my database to ensure that it is authorization_code.
我已经仔细检查了我的数据库以确保它是authorization_code。 I appreciate if someone could help me fixing this.
如果有人能帮我解决这个问题,我很感激。
It does not look as though idsrv4 supports code
, code token
nor code id_token token
as response_type
at the moment - only code id_token
.目前看来 idsrv4 并不支持
code
、 code token
或code id_token token
作为response_type
- 仅code id_token
。 At least the current demo site fails when trying the test client and a /authorize
request using the server.code
client.至少当前的演示站点在使用
server.code
客户端尝试测试客户端和/authorize
请求时失败。
The only working client I found related to authorization code was with a Hybrid setup ( code id_token
/ server.hybrid
):我发现与授权代码相关的唯一工作客户端是混合设置(
code id_token
/ server.hybrid
):
https://demo.identityserver.io/connect/authorize?
client_id=server.hybrid&
response_type=code id_token&
response_mode=fragment&
redirect_uri=https://notused&
scope=openid api&
state=1&
nonce=2
Not sure why that is, as it's already in the list of supported_response_types
in the discovery document.不知道为什么会这样,因为它已经在发现文档中的
supported_response_types
列表中。 Maybe Dominic/Brock can fill in.也许多米尼克/布洛克可以填补。
"response_types_supported": [
"code",
"token",
"id_token",
"id_token token",
"code id_token",
"code token",
"code id_token token"
],
Non working code flow auth request ( unsupported_response_type
):非工作代码流身份验证请求(
unsupported_response_type
):
https://demo.identityserver.io/connect/authorize?
client_id=server.code&
response_type=code&
response_mode=fragment&
redirect_uri=https://notused&
scope=openid api&
state=1&
nonce=2
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.