[英]How to Get token from Duende Identity Server (IdentityServer4)
There are a few days I am reading the Duende Identity server (IdentityServer4) so I know about the different concepts and their usages such as Scopes, Resources, Client...有几天我在阅读 Duende 身份服务器 (IdentityServer4),所以我了解不同的概念及其用法,例如范围、资源、客户端......
The area I am confused about it is the clients.我感到困惑的领域是客户。 So I integrated the AspIdentity as an ApplicationUser in the IdentityServer (you can find the configs below in the code sections) but when I want to call the /connect/token which is a pre-defined endpoint from Duende, it needs to add ClientId and Secret but I want to use Username and the password of my registered user.
所以我将 AspIdentity 作为 ApplicationUser 集成到 IdentityServer 中(您可以在下面的代码部分找到配置)但是当我想调用 /connect/token 这是 Duende 的预定义端点时,它需要添加 ClientId 和秘密,但我想使用我注册用户的用户名和密码。
So the idea that comes to my mind is to Create a custom endpoint: after validating the user's credentials using SignInManager then I will find the Users client and then sign in to the Duende IdentityServer however I tried to do that but it is a bit inconvenience way to have an HTTP-call again to the same service to get the token of the User.所以我想到的想法是创建一个自定义端点:在使用 SignInManager 验证用户的凭据之后,我将找到用户客户端,然后登录到 Duende IdentityServer,但是我尝试这样做,但是有点不方便再次对同一服务进行 HTTP 调用以获取用户的令牌。
builder.Services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlite(connectionString));
builder.Services.AddIdentity<ApplicationUser, IdentityRole>()
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders();
builder.Services.AddSwaggerGen();
builder.Services
.AddIdentityServer(options =>
{
options.Events.RaiseErrorEvents = true;
options.Events.RaiseInformationEvents = true;
options.Events.RaiseFailureEvents = true;
options.Events.RaiseSuccessEvents = true;
options.EmitStaticAudienceClaim = true;
})
.AddAspNetIdentity<ApplicationUser>()
.AddConfigurationStore(options =>
{
options.ConfigureDbContext = b =>
b.UseSqlite(connectionString, dbOpts => dbOpts.MigrationsAssembly(typeof(Program).Assembly.FullName));
})
.AddOperationalStore(options =>
{
options.ConfigureDbContext = b =>
b.UseSqlite(connectionString, dbOpts => dbOpts.MigrationsAssembly(typeof(Program).Assembly.FullName));
options.EnableTokenCleanup = true;
options.RemoveConsumedTokens = true;
});
builder.Services.AddAuthentication();
if I can solve this issue in a convenient way so the other steps are very obvious and straightforward.如果我能以方便的方式解决此问题,那么其他步骤将非常明显和直接。
The clientID and secrets are meant to identify the application that wants to connect to IdentityServer and not the user; clientID 和 secrets 用于识别想要连接到 IdentityServer 的应用程序而不是用户; why can you not use clientID/secret for what it is intended for?
为什么不能将 clientID/secret 用于其预期用途?
Also, the main purpose of OpenID connect is to not let the client application ever touch or see the user's username/password.此外,OpenID 连接的主要目的是不让客户端应用程序接触或查看用户的用户名/密码。 That is why we delegate the authentication to IdentityServer.
这就是我们将身份验证委托给 IdentityServer 的原因。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.