[英]IdentityServer4 Invalid Redirect_Uri Error
我创建了 3 个单独的项目,web api 项目,web mvc 项目和 asp.net 核心应用程序。 我正在使用具有 asp.net 核心标识的 IdentityServer4。 我有一个包含TestUsers
信息的项目解决方案id
。 在RedirectUris = {"https://localhost:5444/signin-oidc"}
,我将其重定向到项目WeatherMVC
。 所有三个文件上的 launchsettings.json 都是正确的, RedirectUris
也是正确的。 是不是我做错了什么导致我收到这条消息?
weatherapi project
:
----startup.cs
:
namespace weatherapi
{
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication("Bearer")
.AddIdentityServerAuthentication("Bearer", options =>
{
options.ApiName = "weatherapi";
options.Authority = "https://localhost:5443";
});
services.AddControllers();
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new OpenApiInfo { Title = "weatherapi", Version = "v1" });
});
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseSwagger();
app.UseSwaggerUI(c => c.SwaggerEndpoint("/swagger/v1/swagger.json", "weatherapi v1"));
}
app.UseHttpsRedirection();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
}
}
}
----launchsettings.json
:
{
"$schema": "http://json.schemastore.org/launchsettings.json",
"iisSettings": {
"windowsAuthentication": false,
"anonymousAuthentication": true,
"iisExpress": {
"applicationUrl": "http://localhost:52575",
"sslPort": 44354
}
},
"profiles": {
"IIS Express": {
"commandName": "IISExpress",
"launchBrowser": true,
"launchUrl": "swagger",
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
},
"weatherapi": {
"commandName": "Project",
"dotnetRunMessages": "true",
"launchBrowser": true,
"hotReloadProfile": "aspnetcore",
"launchUrl": "swagger",
"applicationUrl": "https://localhost:5445;http://localhost:5002",
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
}
}
}
WeatherMVC Project
:
----launchsettings.json
:
{
"iisSettings": {
"windowsAuthentication": false,
"anonymousAuthentication": true,
"iisExpress": {
"applicationUrl": "http://localhost:65206",
"sslPort": 44398
}
},
"profiles": {
"IIS Express": {
"commandName": "IISExpress",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
},
"WeatherMVC": {
"commandName": "Project",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
},
"dotnetRunMessages": "true",
"applicationUrl": "https://localhost:5444;http://localhost:5001"
}
}
}
这两个项目在一个解决方案下,我执行多个启动项目。
在另一个项目中,名为id
...
id project
:
----launchsettings.json
{
"iisSettings": {
"windowsAuthentication": false,
"anonymousAuthentication": true,
"iisExpress": {
"applicationUrl": "http://localhost:19916",
"sslPort": 44341
}
},
"profiles": {
"IIS Express": {
"commandName": "IISExpress",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
},
"id": {
"commandName": "Project",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
},
"hotReloadProfile": "aspnetcore",
"dotnetRunMessages": "true",
"applicationUrl": "https://localhost:5443;http://localhost:5000"
}
}
}
在 Config.cs 下面的Config.cs
中,我有执行Redirect_uri
的代码:
public static IEnumerable<Client> Clients =>
new[]
{
// m2m client credentials flow client
new Client
{
ClientId = "m2m.client",
ClientName = "Client Credentials Client",
AllowedGrantTypes = GrantTypes.ClientCredentials,
ClientSecrets = {new Secret("SuperSecretPassword".Sha256())},
AllowedScopes = {"weatherapi.read", "weatherapi.write"}
},
// interactive client using code flow + pkce
new Client
{
ClientId = "interactive",
ClientSecrets = {new Secret("SuperSecretPassword".Sha256())},
AllowedGrantTypes = GrantTypes.Code,
RedirectUris = {"https://localhost:5444/signin-oidc"},
FrontChannelLogoutUri = "https://localhost:5444/signout-oidc",
PostLogoutRedirectUris = {"https://localhost:5444/signout-callback-oidc"},
AllowOfflineAccess = true,
AllowedScopes = {"openid", "profile", "weatherapi.read"},
RequirePkce = true,
RequireConsent = true,
AllowPlainTextPkce = false
},
};
}
}
----startup.cs
:
public class Startup
{
// This method gets called by the runtime. Use this method to add services to the container.
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
public void ConfigureServices(IServiceCollection services)
{
services.AddIdentityServer()
.AddInMemoryClients(Config.Clients)
.AddInMemoryIdentityResources(Config.IdentityResources)
.AddInMemoryApiResources(Config.ApiResources)
.AddInMemoryApiScopes(Config.ApiScopes)
.AddTestUsers(Config.Users)
.AddDeveloperSigningCredential();
services.AddControllersWithViews();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseRouting();
app.UseStaticFiles();
app.UseIdentityServer();
app.UseAuthorization();
app.UseEndpoints(endpoints => endpoints.MapDefaultControllerRoute());
}
}
更新
按照建议在program.cs
中添加调试器后:
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.UseStartup<Startup>();
})
.ConfigureLogging(builder =>
{
builder.SetMinimumLevel(LogLevel.Debug);
builder.AddFilter("IdentityServer4", LogLevel.Debug);
});
我终于注意到它正在使用它的sslPort: 44398
调用属于名为WeatherMVC
的项目的重定向 uri。 请参阅该weathermvc projcect
launchsettings.json
似乎无法理解为什么如果我没有将它设置为该 URI,它会重定向该 URI。
WeatherApi 是 IdentityServer 的客户端,当它进行身份验证时,它会告诉 IdentityServer 其重定向 uri。 IdentityServer 检查其允许的重定向 uri 并在找到匹配项时进行重定向。
此代码指定一个有效重定向 uri 的列表,而不是重定向 uri。
RedirectUris = {"https://localhost:5444/signin-oidc"},
您在 launchsettings.json 中有 IISExpress 和 Kestrel 设置,我认为您的launchsettings.json
项目只是使用它找到的第一个设置作为重定向 uri。
一些可能的解决方案是:
将 WeatherApi 的其他 uri 添加到允许的 uri 例如
RedirectUris = {
"https://localhost:5444/signin-oidc", "https://localhost:44398/signin-oidc"},
您还可以在launchsettings.json
中更改 Kestrel,让 WeatherApi 使用相同的端口
"applicationUrl": "https://localhost:44398;http://localhost:65206"
我认为您的项目基于本教程。 这可能有助于人们遵循所涉及的步骤。 它还有一个代码链接。
我遇到了同样的错误,因为我错过了使用“http”添加的 URL,而它需要“https”。 确认您添加的 URL 带有“https”而不是“http”。
public static class RedirectUrls
{
public const string WebSigninURI = "https://localhost:44332/signin-oidc";
public const string WebSignOutURI = "https://localhost:44332/signout-callback-oidc";
}
如果有人对数据库有类似的问题。 在 table.ClientRedirectUris 中检查你的 uri
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.