为 discourse-openid-connect 正确地将客户端机密存储在数据库中
[英]Correctly store Client Secrets in database for discourse-openid-connect
问题描述
I have used a Discourse Docker image to get Discourse running, and used the following openid-connect plugin so that users can signup / login to our forum via our web app which is using IdentityServer4
我使用了 Discourse Docker 图像来运行 Discourse,并使用了以下openid-connect插件,以便用户可以通过使用 IdentityServer4 的 web 应用程序注册/登录我们的论坛
I can get it working if I don't require client secrets, but when I set it to require client secrets, authorization fails.如果我不需要客户端机密,我可以让它工作,但是当我将它设置为需要客户端机密时,授权失败。
[plugin settings][1] [插件设置][1]
I added the client secret in the plugin as you can see the settings in the image, and then added the secrets in plain-text to the relevant cell in the database.我在插件中添加了客户端密码,您可以在图像中看到设置,然后将纯文本密码添加到数据库中的相关单元格中。
I assume the fact it works without requiring secrets but then fails when I require it, is because Discourse plugin will be processing the secret in some way, like sha256 etc, and that is why its failing, as I have stored the password in plain-text and its not matching the processed secret given by Discourse.我假设它不需要秘密就可以工作,但是当我需要它时会失败,这是因为 Discourse 插件将以某种方式处理秘密,比如 sha256 等,这就是它失败的原因,因为我已经以明文形式存储了密码-文本及其与 Discourse 给出的已处理秘密不匹配。
Does anyone have any ideas what process I would need to put my secrets through to store it correctly in the database, so that authentication succeeds?有谁知道我需要什么过程才能将我的秘密正确存储在数据库中,以便身份验证成功? or is my issue likely something else?还是我的问题可能是别的?
Appreciate any help感谢任何帮助
1 个解决方案
解决方案1
0 2020-07-24 16:58:01
Default type of secret is shared secret on IdentityServer.默认类型的秘密是 IdentityServer 上的共享秘密。 To define a shared secret you can use Sha256 extension method .要定义共享密钥,您可以使用Sha256 扩展方法。 Run sth like the code bellow for ur secret and save the result in DB像下面的代码一样运行你的秘密并将结果保存在数据库中
"secret".Sha256()
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.