IdentityServer3 rejecting responsetypes that appear in openid "wellknown" configuration
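I'm trying to learn IdentityServer so that I can implement single sign-on at my workplace. I have a POC service running locally, and when I request the configuration, this is the configuration that is displayed: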
{"issuer":"https://localhost:44345/core","jwks_uri":"https://localhost:44345/core/.well-known/jwks","authorization_endpoint":"https://localhost:44345/core/connect/authorize","token_endpoint":"https://localhost:44345/core/connect/token","userinfo_endpoint":"https://localhost:44345/core/connect/userinfo","end_session_endpoint":"https://localhost:44345/core/connect/endsession","check_session_iframe":"https://localhost:44345/core/connect/checksession","revocation_endpoint":"https://localhost:44345/core/connect/revocation","introspection_endpoint":"https://localhost:44345/core/connect/introspect","frontchannel_logout_supported":true,"frontchannel_logout_session_supported":true,"scopes_supported":["openid","profile","email","roles","offline_access"],"claims_supported":["sub","name","family_name","given_name","middle_name","nickname","preferred_username","profile","picture","website","gender","birthdate","zoneinfo","locale","updated_at","email","email_verified","role"],"response_types_supported":["code","token","id_token","id_token token","code id_token","code token","code id_token token"],"response_modes_supported":["form_post","query","fragment"],"grant_types_supported":["authorization_code","client_credentials","password","refresh_token","implicit"],"subject_types_supported":["public"],"id_token_signing_alg_values_supported":["RS256"],"code_challenge_methods_supported":["plain","S256"],"token_endpoint_auth_methods_supported":["client_secret_post","client_secret_basic"]}
As part of that, you can see:
"response_types_supported":["code","token","id_token","id_token token","code id_token","code token","code id_token token"]
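However, when I send a request to the service with responseType=id_token in the URL, I get the error message:
The authorization server does not support the requested response type.
I have tried other responseType values, but I still get this error message.
I'm basically a beginner at web security and IdentityServer, so I'm sure I'm missing something very basic.
This was silly. All the IdentityServer examples I looked at online show the parameter as responseTypes (camel case). I guess those examples must all have been written for an older version of the platform.
The correct parameter name to send is response_types.
The following sites list the possible parameters you can send to the authorization endpoint:
- OpenId RFC: http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
- IdentityServer documentation: https://identityserver.github.io/Documentation/docsv2/endpoints/authorization.html
The correct parameter is "response_type", not "response_types" :)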
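A lint for the mistake discussed in this thread, as an added example (not code from the original posts or from IdentityServer): it checks an authorization request URL against the parameter names in OpenID Connect Core 1.0 and the response_types_supported list from the discovery document quoted in the question. The function names and the client_id, redirect_uri, state and nonce values are assumptions constructed for illustration.

```python
import difflib
from urllib.parse import parse_qsl, urlencode, urlsplit

# Trimmed from the discovery document quoted in the question.
DISCOVERY = {
    "authorization_endpoint": "https://localhost:44345/core/connect/authorize",
    "response_types_supported": ["code", "token", "id_token", "id_token token",
                                 "code id_token", "code token", "code id_token token"],
}
# Authentication request parameter names, OpenID Connect Core 1.0 section 3.1.2.1.
SPEC_PARAMS = ["scope", "response_type", "client_id", "redirect_uri", "state",
               "response_mode", "nonce", "display", "prompt", "max_age",
               "ui_locales", "id_token_hint", "login_hint", "acr_values"]
REQUIRED = ["scope", "response_type", "client_id", "redirect_uri"]


def check_authorize_url(url, discovery=DISCOVERY):
    """Return a list of problems found in an authorization request URL."""
    problems = []
    params = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    for name in params:
        if name not in SPEC_PARAMS:
            # Suggest the spec name for near misses such as responseType.
            hint = difflib.get_close_matches(name.lower(), SPEC_PARAMS, n=1, cutoff=0.8)
            suffix = f" (did you mean {hint[0]!r}?)" if hint else ""
            problems.append(f"unknown parameter {name!r}{suffix}")
    for name in REQUIRED:
        if name not in params:
            problems.append(f"missing required parameter {name!r}")
    if "response_type" in params:
        # response_type is a space-delimited set, so order does not matter.
        requested = frozenset(params["response_type"].split())
        supported = {frozenset(v.split()) for v in discovery["response_types_supported"]}
        if requested not in supported:
            problems.append(f"response_type {params['response_type']!r} not in response_types_supported")
    return problems


def build_url(**params):
    return DISCOVERY["authorization_endpoint"] + "?" + urlencode(params)


# Constructed sample values: client_id, redirect_uri, state and nonce are placeholders.
BASE = dict(client_id="poc-client", redirect_uri="https://localhost:44300/callback",
            scope="openid", state="s1", nonce="n1")

if __name__ == "__main__":
    for extra in ({"responseType": "id_token"}, {"response_types": "id_token"}, {"response_type": "id_token"}):
        print(extra, "->", check_authorize_url(build_url(**BASE, **extra)))
```

RFC 6749 section 3.1 requires the authorization server to ignore unrecognized request parameters, so a misspelled name never produces an "unknown parameter" error on the server side; it shows up as a missing or unsupported response_type instead.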