[英]How to create a client_secret for IdentityServer4?
I am creating an Authentication Server using IdentityServer4.我正在使用 IdentityServer4 创建一个身份验证服务器。
I am creating a client that will be accessed using Resource Owner Password Credentials.我正在创建一个将使用资源所有者密码凭据访问的客户端。
But I am wondering what should be the client_id and client_secret.但我想知道 client_id 和 client_secret 应该是什么。
Should the client_id be a human-readable name of the client for eg app name or it should be a random number or string? client_id 应该是客户端的人类可读名称,例如应用程序名称,还是应该是随机数或字符串?
The client_secret is a string but what should be its value? client_secret 是一个字符串,但它的值应该是什么? A UUID?一个UUID? a random string?一个随机字符串? base64 string? base64 字符串?
I went through IdentityServer4 and OpenId documentation but could not find any guidance.我浏览了 IdentityServer4 和 OpenId 文档,但找不到任何指导。
Here's the example they have provided in their docs.这是他们在文档中提供的示例。
new Client
{
ClientId = "client",
// no interactive user, use the clientid/secret for authentication
AllowedGrantTypes = GrantTypes.ClientCredentials,
// secret for authentication
ClientSecrets =
{
new Secret("secret".Sha256())
},
// scopes that client has access to
AllowedScopes = { "api1" }
}
As you can see in the example, they have set up a human-friendly client_id.正如您在示例中看到的,他们设置了一个人性化的 client_id。
Github: 6779ef20e75817b79602
Google: 292085223830.apps.googleusercontent.com
Instagram: f2a1ed52710d4533bde25be6da03b6e3
Windows Live: 00000000400ECB04
Read more about secrets for IdentityServer4 here 在此处阅读有关 IdentityServer4 机密的更多信息
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.