
Openiddict 可以创建令牌但似乎无效

[英]Openiddict can create token but seems to be invalid

I have the following problem: I can create a token, but when I use it, authentication fails. I tried to copy from an example, but ran into problems because some methods are not "there".以下问题我可以创建一个令牌,但是当我使用它时,身份验证失败,我尝试从一个示例中复制,但我遇到了问题,因为某些方法不“存在”。 (like principal.SetScopes, although it seems to exist in the GitHub repository and in other examples) The only error I get is the failure of the AuthorizationFilter. (如 principal.SetScopes,但它似乎存在于 Github 存储库和其他示例中)我得到的唯一错误是 AuthorizationFilter 失败。 Here is the method for creating the token:这里是创建令牌的方法

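 /// <summary>
    /// Token endpoint action for the password grant: looks the user up by name, checks the password
    /// through the sign-in manager and, on success, returns a sign-in result for the OpenIddict
    /// server scheme.
    /// </summary>
    /// <param name="connectRequest">The token request; only the password grant type is handled.</param>
    /// <returns>
    /// A sign-in result on success; otherwise a forbid result for the server scheme that carries an
    /// OAuth 2.0 error code and description.
    /// </returns>
    [HttpPost("~/connect/token"), Produces("application/json")]
    public async Task<IActionResult> Exchange(OpenIdConnectRequest connectRequest)
    {
        // One message for "unknown user" and "wrong password" so the response body does not reveal
        // which of the two failed.
        const string invalidCredentials = "The username/password couple is invalid.";

        // Every rejection is issued against the server scheme. The original second rejection used
        // OpenIddictValidationDefaults.AuthenticationScheme, which belongs to the token validation
        // handler rather than to the handler that serves this endpoint.
        IActionResult Reject(string error, string description) => Forbid(
            authenticationSchemes: OpenIddictServerDefaults.AuthenticationScheme,
            properties: new AuthenticationProperties(new Dictionary<string, string>
            {
                [OpenIdConnectConstants.Properties.Error] = error,
                [OpenIdConnectConstants.Properties.ErrorDescription] = description
            }));

        if (!connectRequest.IsPasswordGrantType())
        {
            // Answer with a protocol error instead of throwing a bare Exception, which would
            // surface to the client as an unhandled server error.
            return Reject(
                OpenIdConnectConstants.Errors.UnsupportedGrantType,
                "The specified grant type is not supported.");
        }

        var user = await _userManager.FindByNameAsync(connectRequest.Username);
        if (user == null)
        {
            // NOTE(review): this path returns before any password check runs, so response timing
            // may still distinguish existing from non-existing accounts.
            return Reject(OpenIddictConstants.Errors.InvalidGrant, invalidCredentials);
        }

        // lockoutOnFailure: true makes failed attempts count towards the Identity lockout policy.
        var result = await _signInManager.CheckPasswordSignInAsync(user, connectRequest.Password, lockoutOnFailure: true);
        if (!result.Succeeded)
        {
            return Reject(OpenIddictConstants.Errors.InvalidGrant, invalidCredentials);
        }

        var principal = await _signInManager.CreateUserPrincipalAsync(user);

        // NOTE(review): scopes and claim destinations are not set because the calls below were not
        // available in the OpenIddict version used here. Presumably claims without a destination
        // are left out of the issued tokens; confirm against the installed OpenIddict version
        // before relying on role or profile claims in the access token.
        //principal.SetScopes(new[]
        //{
        //    Scopes.OpenId,
        //    Scopes.Email,
        //    Scopes.Profile,
        //    Scopes.Roles
        //}.Intersect(connectRequest.GetScopes()));

        //foreach (var claim in principal.Claims)
        //{
        //    claim.SetDestinations(GetDestinations(claim, principal));
        //}

        return SignIn(principal, OpenIddictServerDefaults.AuthenticationScheme);
    }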
    
 Here is my startup




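/// <summary>
/// Application startup: registers the EF Core context, ASP.NET Core Identity, OpenIddict (core,
/// server and validation), MVC and gRPC, and builds the HTTP request pipeline.
/// </summary>
public class Startup
{
    /// <summary>
    /// Registers the application's services with the dependency injection container.
    /// </summary>
    /// <param name="services">The service collection to populate.</param>
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddDbContext<DocumentiveContext>((provider, builder) =>
        {
            // GetRequiredService throws a descriptive error when IConfiguration is not registered,
            // instead of handing back null and failing on the next line.
            var configuration = provider.GetRequiredService<IConfiguration>();
            builder.UseSqlServer(configuration.GetConnectionString("connectionString"));
            builder.UseOpenIddict();
        });

        services.AddIdentity<ApplicationUser, IdentityRole>(options =>
            {
            })
            .AddEntityFrameworkStores<DocumentiveContext>()
            .AddDefaultTokenProviders();

        // API clients get status codes from the Identity cookie handler instead of redirects.
        services.ConfigureApplicationCookie(options =>
        {
            options.Events.OnRedirectToAccessDenied = context =>
            {
                // Access denied means the caller is authenticated but not allowed: report 403
                // (the original sent 401) so clients can tell it apart from a missing login.
                context.Response.StatusCode = 403;
                return Task.CompletedTask;
            };
            options.Events.OnRedirectToLogin = context =>
            {
                context.Response.StatusCode = 401;
                return Task.CompletedTask;
            };
        });

        // Make Identity emit the claim types OpenIddict uses for name, subject and role.
        services.Configure<IdentityOptions>(options =>
        {
            options.ClaimsIdentity.UserNameClaimType = Claims.Name;
            options.ClaimsIdentity.UserIdClaimType = Claims.Subject;
            options.ClaimsIdentity.RoleClaimType = Claims.Role;
        });

        // NOTE(review): AddIdentity above registers the Identity cookie as the default
        // authenticate and challenge scheme, and those specific defaults take precedence over
        // DefaultScheme. A bare [Authorize] therefore still evaluates the cookie, not the bearer
        // token; name the validation scheme on the attribute or set the specific defaults here.
        services.AddAuthentication(options =>
            options.DefaultScheme = OpenIddictValidationDefaults.AuthenticationScheme);

        services.AddOpenIddict(builder =>
        {
            builder.AddCore(coreBuilder => coreBuilder.UseEntityFrameworkCore().UseDbContext<DocumentiveContext>());
            builder.AddServer(serverBuilder =>
            {
                serverBuilder.UseMvc();

                // NOTE(review): EnableUserinfoEndpoint is called twice; presumably the second call
                // replaces "/connect/userinfo" with "/connect/verify" - confirm which is intended.
                serverBuilder.EnableAuthorizationEndpoint("/connect/authorize")
                    .EnableLogoutEndpoint("/connect/logout")
                    .EnableTokenEndpoint("/connect/token")
                    .EnableUserinfoEndpoint("/connect/userinfo")
                    .EnableUserinfoEndpoint("/connect/verify");
                serverBuilder.AllowPasswordFlow();
                serverBuilder.RegisterScopes(Scopes.Email, Scopes.Profile, Scopes.Roles, "demo_api");

                // Development-only settings: replace or remove each of them before deployment.
                // - The development certificate is not a managed production signing key.
                serverBuilder.AddDevelopmentSigningCertificate();

                // - Token requests are accepted without a client_id, so the caller is not identified.
                serverBuilder.AcceptAnonymousClients();
                // - With the password flow, user credentials and issued tokens would travel over
                //   plain HTTP once the HTTPS requirement is disabled.
                serverBuilder.DisableHttpsRequirement();
            });
            builder.AddValidation(validationBuilder =>
            {
            });
        });

        // Legacy (non-endpoint) MVC routing, used together with UseMvcWithDefaultRoute below.
        services.AddMvc(options => options.EnableEndpointRouting = false);

        services.AddGrpc();
        services.AddTransient<IUserInformationService, UserInformationService>();
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    /// <summary>
    /// Builds the middleware pipeline: routing, authentication, static files, request logging,
    /// authorization, MVC and the gRPC/GET endpoints.
    /// </summary>
    /// <param name="app">The application builder the middleware is added to.</param>
    /// <param name="env">The hosting environment, used to enable the developer exception page.</param>
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
        {
            // Detailed exception pages only in development, since they expose internals.
            app.UseDeveloperExceptionPage();
        }

        app.UseRouting();

        // Authentication runs before authorization and before the MVC and endpoint middleware.
        app.UseAuthentication();
        app.UseStaticFiles();
        app.UseSerilogRequestLogging();
        app.UseAuthorization();

        app.UseMvcWithDefaultRoute();
        app.UseEndpoints(endpoints =>
        {
            endpoints.MapGrpcService<GreeterService>();

            endpoints.MapGet("/", async context =>
            {
                await context.Response.WriteAsync("Communication with gRPC endpoints must be made through a gRPC client. To learn how to create a client, visit: https://go.microsoft.com/fwlink/?linkid=2086909");
            });
        });
    }
}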

Any idea?

After updating to the newest version (3) of OpenIddict, it works.更新到 Openiddict 的最新版本 3 后,它可以工作了。 I also needed to set the authentication scheme in the [Authorize] attribute:我还需要在属性中设置身份验证方案。

// Naming the scheme makes this endpoint authenticate with the OpenIddict validation handler
// regardless of the application-wide authentication defaults.
// NOTE(review): in a Startup that calls AddIdentity and only sets DefaultScheme, the Identity
// cookie stays the default authenticate/challenge scheme - presumably why a bare [Authorize]
// rejected the bearer token; confirm against your own configuration.
[Authorize(AuthenticationSchemes = OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme)]
