Calling Identity Server Token EndPoint

I want to call the Token Endpoint of IdentityServer 4 from my React App (running on http://localhost:3000). So in some login method I am doing:

login = () => {
    const userdata = {
      username: 'admin',
      password: 'admin',
    };
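    // Form-encode each value; encodeURIComponent (unlike encodeURI) also escapes & = +
    const dataForBody = 'client_id=js&grant_type=password' +
        `&username=${encodeURIComponent(userdata.username)}` +
        `&password=${encodeURIComponent(userdata.password)}` +
        `&scope=${encodeURIComponent('api1')}`;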

    const messageHeaders = {
      'Content-Type': 'application/x-www-form-urlencoded',
    };

    axios({
      method: 'post',
      url: 'http://localhost:5000/connect/token',
      headers: messageHeaders,
      data: dataForBody,
    })
      .then((response) => {
        console.log(response);
      });
  }

Now I am getting the following response:

{"error":"unauthorized_client"}

My IdSrv set up is something like the js application sample.

config.cs

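using System.Collections.Generic;
using IdentityServer4;
using IdentityServer4.Models;
using IdentityServer4.Test;

namespace QuickstartIdentityServer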
{
    public class Config
    {
        // scopes define the API resources in your system
        public static IEnumerable<ApiResource> GetApiResources()
        {
            return new List<ApiResource>
            {
                new ApiResource("api1", "My API")
            };
        }

        // clients want to access resources (aka scopes)
        public static IEnumerable<Client> GetClients()
        {
            return new List<Client>
            {
                 new Client
                {
                    ClientId = "js",
                    ClientName = "JavaScript Client",
                    AllowedGrantTypes = GrantTypes.Implicit,
                    AllowAccessTokensViaBrowser = true,

                    RedirectUris =           { "http://localhost:3000/login" },
                    AllowedCorsOrigins =     { "http://localhost:3000" },

                    AllowedScopes =
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        "api1"
                    }
                }
            };
        }

        public static List<TestUser> GetUsers()
        {

            return new List<TestUser> {
                new TestUser {
                    SubjectId = "1", Username = "admin", Password = "admin"
                },
             };

        }

    }
}

startup.cs

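using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

namespace QuickstartIdentityServer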
{
    public class Startup
    {
        public void ConfigureServices(IServiceCollection services)
        {
            // configure identity server with in-memory stores, keys, clients and scopes
            services.AddIdentityServer()
                .AddTemporarySigningCredential()
                .AddInMemoryApiResources(Config.GetApiResources())
                .AddInMemoryClients(Config.GetClients())
                .AddTestUsers(Config.GetUsers());
        }

        public void Configure(IApplicationBuilder app, ILoggerFactory loggerFactory)
        {
            loggerFactory.AddConsole(LogLevel.Debug);
            app.UseDeveloperExceptionPage();

            app.UseIdentityServer();
        }
    }
}

Am I missing something?

The problem is in the client definition:

AllowedGrantTypes = GrantTypes.Implicit,

is not correct. We have to use instead:

AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,

The immediate problem that jumps out is that you are attempting to authenticate with the token service by passing the username and password as URL parameters. The client's username and password should be passed in using a standard basic authorization header:

Authorization: Basic Base64Encode(myusername:mypassword)

Which for this example would end up looking like this:

Authorization: Basic bXl1c2VybmFtZTpteXBhc3N3b3Jk
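An added example, not part of the original question or answers: it builds the password-grant request with the body form-encoded by URLSearchParams, and puts the client credentials in a Basic header when the client has a secret. The names buildTokenRequest and parseForm and the sample password are assumptions made for illustration; the endpoint URL, client id and scope are the ones from the question.

```javascript
// Added example: builds (does not send) a password-grant token request.
// buildTokenRequest and its option names are hypothetical; the endpoint URL,
// client id "js" and scope "api1" are taken from the question.
function buildTokenRequest({ clientId, clientSecret, username, password, scope }) {
  const headers = { 'Content-Type': 'application/x-www-form-urlencoded' };
  // URLSearchParams form-encodes every value, including & = + and spaces.
  const body = new URLSearchParams({ grant_type: 'password', username, password, scope });

  if (clientSecret) {
    // Confidential client: client credentials go in the Basic header (RFC 6749, 2.3.1).
    const pair = `${clientId}:${clientSecret}`;
    headers.Authorization = `Basic ${Buffer.from(pair).toString('base64')}`;
  } else {
    // Public client without a secret: identify it with client_id in the body.
    body.set('client_id', clientId);
  }

  return {
    method: 'post',
    url: 'http://localhost:5000/connect/token',
    headers,
    data: body.toString(),
  };
}

// What a server recovers from a body, using the same form decoding.
function parseForm(encoded) {
  return Object.fromEntries(new URLSearchParams(encoded));
}

// Constructed sample: a password containing form metacharacters.
const samplePassword = 'p&ss=w+rd 1';

// encodeURI leaves & = + alone, so the server sees a truncated password and a
// stray parameter; the URLSearchParams body round-trips unchanged.
const naive = parseForm(`grant_type=password&password=${encodeURI(samplePassword)}`);
const safe = parseForm(buildTokenRequest({
  clientId: 'js', username: 'admin', password: samplePassword, scope: 'api1',
}).data);

console.log(naive.password); // "p"
console.log(safe.password);  // "p&ss=w+rd 1"
```

A secret embedded in browser code is visible to every user, so the Basic header branch is for callers that can keep the secret on a server.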
