Authorization Code with Proof Key token request results in invalid client response
I am currently evaluating AppAuth (https://appauth.io/) for a native mobile app together with an STS that currently uses IdentityServer3. I configured the client like this:
new IdentityServer3.Core.Models.Client
{
    Enabled = true,
    ClientId = "app",
    ClientName = "app",
    ClientUri = "app:/",
    Flow = Flows.AuthorizationCodeWithProofKey,
    RequireConsent = false,
    RequireSignOutPrompt = false,
    SlidingRefreshTokenLifetime = 28800,
    AllowAccessTokensViaBrowser = true,
    RedirectUris = new List<string>
    {
        "app:/signin"
    },
    PostLogoutRedirectUris = new List<string>
    {
        "app:/signout"
    },
    AllowedScopes = new List<string>
    {
        // StandardScopes.X is a Scope; its Name property is the scope string
        StandardScopes.OpenId.Name,
        StandardScopes.Email.Name,
        StandardScopes.Profile.Name,
        StandardScopes.Roles.Name,
        StandardScopes.OfflineAccess.Name,
    }
}
The initial authorization request succeeds and IdentityServer3 returns an authorization code. Now I tried the subsequent token request, which results in an HTTP 400 with an invalid_client error and the following messages in the IdentityServer3 log:
2018-04-17 10:16:38.324 +02:00 [Information] Start token request
2018-04-17 10:16:38.324 +02:00 [Debug] Start client validation
2018-04-17 10:16:38.324 +02:00 [Debug] Start parsing Basic Authentication secret
2018-04-17 10:16:38.324 +02:00 [Debug] Start parsing for secret in post body
2018-04-17 10:16:38.324 +02:00 [Debug] No secret in post body found
2018-04-17 10:16:38.324 +02:00 [Debug] Start parsing for X.509 certificate
2018-04-17 10:16:38.324 +02:00 [Debug] X.509 certificate not found.
2018-04-17 10:16:38.324 +02:00 [Information] Parser found no secret
2018-04-17 10:16:38.324 +02:00 [Information] No client secret found
2018-04-17 10:16:38.324 +02:00 [Information] End token request
2018-04-17 10:16:38.324 +02:00 [Information] Returning error: invalid_client
Am I misunderstanding something, or why does IdentityServer3 not return an access token?
You need to authenticate the Client in the token request of the Authorization Code flow. So you need to set ClientSecrets for your client.
new IdentityServer3.Core.Models.Client
{
    // your properties
    ClientSecrets = new List<Secret>
    {
        new Secret("secret".Sha256())
    }
}
And you need to send client_secret in the token request as a query string.
Or you can use BasicAuthentication. In that case you need to add Base64(ClientId:ClientSecret) in the Authorization header.
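As an added example, not code from the question or the answer, the following Python builds the token request for the AuthorizationCodeWithProofKey flow in the two client-authentication forms the answer names: the Authorization header carrying Base64(ClientId:ClientSecret), or client_secret sent in the POST form body, together with the PKCE code_verifier the flow requires. The token endpoint URL is a placeholder; "app", "secret" and "app:/signin" are taken from the page, and the authorization code is constructed.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

# Placeholder endpoint; "app", "secret" and "app:/signin" come from the page.
TOKEN_ENDPOINT = "https://sts.example.invalid/connect/token"
CLIENT_ID = "app"
CLIENT_SECRET = "secret"
REDIRECT_URI = "app:/signin"


def make_pkce_pair(verifier=None):
    """Return (code_verifier, code_challenge) using the S256 method (RFC 7636)."""
    if verifier is None:
        verifier = secrets.token_urlsafe(64)  # 43..128 URL-safe chars
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge


def basic_auth_header(client_id, client_secret):
    """Authorization header value: Basic Base64(ClientId:ClientSecret)."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_token_request(code, code_verifier, use_basic_auth=True):
    """Return (headers, form_body) for the authorization_code token request.

    With use_basic_auth the secret travels in the Authorization header;
    otherwise it is sent as the client_secret form field.
    """
    form = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "code_verifier": code_verifier,  # proves possession of the challenge
    }
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if use_basic_auth:
        headers["Authorization"] = basic_auth_header(CLIENT_ID, CLIENT_SECRET)
    else:
        form["client_secret"] = CLIENT_SECRET
    return headers, urlencode(form)


def verify_pkce(code_verifier, stored_challenge):
    """Server-side check: the verifier must hash to the challenge sent earlier."""
    _, recomputed = make_pkce_pair(code_verifier)
    return secrets.compare_digest(recomputed, stored_challenge)
```

Without either form of client authentication the log above ends in "No client secret found" and invalid_client; the PKCE verifier alone does not authenticate the client to IdentityServer3.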