[英]Identity Server 4, API unauthorized to call introspection endpoint
I hope someone can point me in the right direction. 我希望有人能指出我正确的方向。
I am trying to let an javascript client communicate with an api with the help of reference tokens. 我试图让javascript客户端在引用令牌的帮助下与api通信。 I am using Identity Server 4.
我正在使用Identity Server 4。
What is going OK: 什么是好的:
On login the javascript client/webapplicatoin gets routed to Identity server for user and password validation On success the user gets routed back to the javascript/webapplication and has a valid IdentityToken 登录时,javascript客户端/ webapplicatoin被路由到身份服务器以进行用户和密码验证成功后,用户将被路由回javascript / webapplication并具有有效的IdentityToken
What is NOT going OK: 什么是不行的:
When the javascript client/webapplication makes a call to my Api, the request gets received by the api. 当javascript客户端/ web应用程序调用我的Api时,api会收到请求。 Then the api wants to check the received identity Token with Identity Server to get an access token, but fails to contact the server with te following error in the console:
然后api想要通过Identity Server检查收到的身份令牌以获取访问令牌,但是在控制台中无法通过以下错误联系服务器:
fail: IdentityServer4.Validation.ApiSecretValidator[0] API validation failed. fail: IdentityServer4.Endpoints.IntrospectionEndpoint[0] API unauthorized to call introspection endpoint. aborting.
Pretty clear the Api is not allowed to communicate with te server... 非常清楚Api不允许与te服务器通信...
I think I have a configuration error somewhere but I just cant see where. 我想我在某个地方有配置错误,但我不知道在哪里。 Tried all kind of different set-ups, I am out of ideas to try or to change...
试过各种不同的设置,我没有尝试或改变的想法......
This is what I have untill now: 这就是我现在直到现在的情况:
For the javascript client: 对于javascript客户端:
I use the oidc-redux package, the config I use: 我使用oidc-redux包,我使用的配置:
var userManagerConfig = {
authority: "http://localhost:50289",
redirect_uri: "http://localhost:3000/callback",
client_id : "js",
response_type : "id_token",
scope :"openid",
};
Identity Server 4 Configs Identity Server 4配置
Client definition: 客户定义:
public static IEnumerable<Client> GetClients()
{
return new List<Client>
{
new Client
{
ClientId = "js",
ClientName = "my js client",
AllowedGrantTypes = GrantTypes.Implicit,
RequireClientSecret = false,
RequireConsent = false,
RedirectUris = { "http://localhost:3000/callback" },
PostLogoutRedirectUris = { "http://localhost:3000" },
AllowAccessTokensViaBrowser = false,
AllowedCorsOrigins = { "http://localhost:3000" },
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
"myApi"
}
}
};
}
Api resources definition: Api资源定义:
public static IEnumerable<ApiResource> GetApiResources()
{
return new List<ApiResource>
{
new ApiResource("myApi")
{
ApiSecrets =
{
new Secret("superweaksecret")
}
}
};
}
in Configure service I add it all together in the container: 在配置服务中,我将它们一起添加到容器中:
// configure identity server with in-memory stores, keys, clients and scopes
services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryPersistedGrants()
.AddProfileService<CustomClaimService>()
.AddInMemoryIdentityResources(Config.GetIdentityResources())
.AddInMemoryApiResources(Config.GetApiResources())
.AddInMemoryClients(Config.GetClients())
.AddAspNetIdentity<ApplicationUser>();
The Api setup Api设置
Based on .net Core, in the ConfigureService method I have the following: 基于.net Core,在ConfigureService方法中,我有以下内容:
services.AddAuthentication("Bearer")
.AddIdentityServerAuthentication(options =>
{
options.Authority = "http://localhost:50289";
options.RequireHttpsMetadata = false;
options.ApiSecret = "superweaksecret";
options.ApiName = "myApi";
options.EnableCaching = false;
});
Hope someone sees my error. 希望有人看到我的错误。
If I missed information or code needed for a proper awnser, please let me know. 如果我错过了正确的芒果所需的信息或代码,请告诉我。
Kind regards, Roel 亲切的问候,罗尔
IdentityServer expects shared secrets to be hashed. IdentityServer期望对共享机密进行哈希处理。
new ApiResource("myApi") {
ApiSecrets = {
new Secret("superweaksecret".Sha512())
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.