[英]Invalid scope when trying to authenticate using OpenIDConnect from a .NET Core Web App
So I am having an rather unusual issue when trying to setup OpenIDConnect inside a .NET Core App for authentication.因此,当我尝试在 .NET 核心应用程序中设置 OpenIDConnect 以进行身份验证时,我遇到了一个相当不寻常的问题。
I have ran a test using Okta and everything was working fine but then when switching the details to au.neticate using a different service I am getting the following error.我已经使用 Okta 进行了测试并且一切正常,但是当使用不同的服务将详细信息切换到 au.neticate 时,我收到以下错误。
OpenIdConnectProtocolException: Message contains error: 'invalid_scope', error_description: 'The requested scope is invalid, unknown, malformed, or exceeds that which the client is permitted to request.', error_uri: 'error_uri is null'.
Everything looks to be set correctly in the Program.cs file with the following一切看起来都在 Program.cs 文件中正确设置了以下内容
.AddOpenIdConnect(o =>
{
o.SignInScheme = "Cookies";
o.ClientId = config.GetSection("SsoConfig:ClientId").Value;
o.ClientSecret = config.GetSection("SsoConfig:ClientSecret").Value;
o.Authority = config.GetSection("SsoConfig:Authority").Value;
o.SignedOutRedirectUri = config.GetSection("SsoConfig:SignedOutRedirectUri").Value;
o.ResponseType = "code";
o.Scope.Add("openid");
o.Scope.Add("profile")
}
Any ideas what might cause this error?任何想法可能会导致此错误? From what I can see everything is setup correctly and when using Okta it works but the other provider we are switching to it is failing with the above error.
据我所知,一切都已正确设置,并且在使用 Okta 时它可以正常工作,但我们切换到它的其他提供商因上述错误而失败。 It is a 3rd party service used by a client that we have having to connect to so we have provided the same details I entered on Okta so I know they should work.
这是我们必须连接到的客户端使用的第 3 方服务,因此我们提供了我在 Okta 上输入的相同详细信息,因此我知道它们应该可以工作。
Maybe I have missed something obvious but the documentation shows the above as the way to do it.也许我错过了一些明显的东西,但文档显示了上面的方法。
For reference it is a .NET 6 Core Web App and the library I am using is Microsoft.AspNetCore.Authentication.OpenIdConnect (6.0.9)作为参考,它是一个 .NET 6 Core Web 应用程序,我使用的库是 Microsoft.AspNetCore.Authentication.OpenIdConnect (6.0.9)
Many thanks.非常感谢。
Although, I am very late to answer this, but I also faced the same issue today while authenticating with AWS Cognito.虽然,我回答这个问题已经很晚了,但我今天在使用 AWS Cognito 进行身份验证时也遇到了同样的问题。
I found that AddOpenIdConnect
method adds 2 two scopes by default - openid
& profile
, and that creates the problem.我发现
AddOpenIdConnect
方法默认添加了 2 个两个范围 - openid
& profile
,这就产生了问题。
As a solution, I just cleared the default scopes and added the required ones manually.作为解决方案,我只是清除了默认范围并手动添加了所需的范围。
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme , options =>
{
.
.
.
options.Scope.Clear();
options.Scope.Add("openid");
options.Scope.Add("email");
options.Scope.Add("phone");
});
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.