[英]ASP.NET Core Openiddict throws “An OpenID Connect response cannot be returned from this endpoint”
I follow instruction in openiddict server example using password flow from https://github.com/openiddict/openiddict-samples/tree/master/samples/PasswordFlow but have no success. 我遵循来自https://github.com/openiddict/openiddict-samples/tree/master/samples/PasswordFlow的密码流在openiddict服务器示例中的说明,但没有成功。
It throws InvalidOperationException: An OpenID Connect response cannot be returned from this endpoint at route /connect/token : 它引发InvalidOperationException:无法从此端点在路由/ connect / token处返回OpenID Connect响应 :
return SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme);
Postman params: 邮递员参数:
I spent my day for researching but there is no information about cannot be returned from this endpoint exception. 我花了一天的时间进行研究,但是没有有关无法从此端点异常返回的信息。 And many people can run openiddict example except me.
除了我之外,许多人都可以运行openiddict示例。
Here is apart of Startup.cs: 这是Startup.cs的一部分:
services.AddEntityFrameworkSqlite()
.AddDbContext<MisapayContext>(options =>
{
options.UseOpenIddict<int>();
});
//....
services.AddOpenIddict<int>()
.AddEntityFrameworkCoreStores<MisapayContext>()
.DisableHttpsRequirement()
.EnableTokenEndpoint("/connect/token")
.EnableLogoutEndpoint("/connect/logout")
.EnableUserinfoEndpoint("/connect/userinfo")
.UseJsonWebTokens()
.AllowPasswordFlow()
.AllowRefreshTokenFlow()
.AddEphemeralSigningKey();
services.AddMvc(config =>
{
config.Filters.Add(new ApiExceptionFilter());
}).AddJsonOptions(options =>
{
options.SerializerSettings.Formatting = Newtonsoft.Json.Formatting.Indented;
options.SerializerSettings.DateTimeZoneHandling = Newtonsoft.Json.DateTimeZoneHandling.Local;
});
Edited: I think problem is OpenIdConnectRequest , it can not be binded if use: 编辑:我认为问题是OpenIdConnectRequest ,如果使用,则不能绑定:
OpenIddictBuiler.AddMvcBinders()
Will throws The OpenID Connect request cannot be retrieved from the ASP.NET context.` 将会抛出无法从ASP.NET上下文检索OpenID Connect请求。
Otherwise, remove it, OpenIdConnectRequest in AuthorizationController can get properly. 否则,将其删除,即可正确获得AuthorizationController中的OpenIdConnectRequest。 And I can get request information such as username, password grantType etc... Strange... right?
而且我可以获取请求信息,例如用户名,密码grantType等...奇怪...对吗?
Some other information: 其他一些信息:
Any help will be appreciated! 任何帮助将不胜感激!
Okay, here's what's happening: 好的,这是正在发生的事情:
/connect/token
as the token endpoint address. /connect/token
作为令牌端点地址。 /connect/token/
, which is actually a totally different URL ( /connect/token
!= /connect/token/
). /connect/token/
,它实际上是一个完全不同的URL( /connect/token
!= /connect/token/
)。 /connect/token/
request and invokes the Exchange
action, even though the route doesn't match the requested URL. /connect/token/
请求并调用Exchange
操作。 OpenIdConnectRequest
object, which allows the OpenIdConnectRequest.GrantType
parameter to be resolved from the invalid grantType
parameter (it wouldn't happen with the dedicated OpenIddict binder). OpenIdConnectRequest
对象,这使得OpenIdConnectRequest.GrantType
参数从无效解决grantType
参数(它不会与专用发生OpenIddict活页夹)。 SignIn
to return a token response. SignIn
返回令牌响应。 SignIn
outside the normal token request processing - since it didn't consider the request as a token request, due to the paths difference - and aborts this unsafe operation by throwing an InvalidOperationException
. SignIn
(由于路径差异,由于它不将请求视为令牌请求),因此抛出InvalidOperationException
异常中止了此不安全的操作。 I'll ping the MVC folks to make sure they are aware of this bug. 我将对MVC人员进行ping操作,以确保他们知道此错误。
Edit: after some research, it looks like this behavior is "by design" and was inherited from ASP.NET MVC. 编辑:经过一些研究,看来此行为是“设计使然”的,并且是从ASP.NET MVC继承的。 I opened a feature request in the aspnet/Mvc repository to add a new way to use "strict comparison" for routes matching.
我在aspnet / Mvc存储库中打开了一个功能请求,以添加一种使用“严格比较”进行路由匹配的新方法。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.