IdentityServer4 Introspection multi tenant request
I am trying to send the tenant in the request using the introspection sample available here:
var client = new HttpClient();
var tokenRequest = new PasswordTokenRequest {
    Address = disco.TokenEndpoint,
    ClientId = "roclient.reference",
    ClientSecret = "secret",
    UserName = "user",
    Password = "password",
    Scope = "api1 api2.read_only"
};
tokenRequest.Parameters.Add( "acr_values", "tenant:mytenant" );
var response = await client.RequestPasswordTokenAsync( tokenRequest );
However, the tenant parameter is always null on the server side, as you can see from the following log:
[09:54:02 INF] User authentication failed: ["invalid_username_or_password"], request details:
{
"ClientId": "roclient.reference",
"ClientName": "Introspection Client Sample",
"GrantType": "password",
"Scopes": "api1 api2.read_only",
"AuthorizationCode": null,
"RefreshToken": null,
"UserName": "user",
"AuthenticationContextReferenceClasses": null,
"Tenant": null,
"IdP": null,
"Raw": {"acr_values": "tenant:mytenant", "grant_type": "password", "username": "user", "password": "***REDACTED***", "scope": "api1 api2.read_only", "client_id": "roclient.reference", "client_secret": "***REDACTED***"},
"$type": "TokenRequestValidationLog"
}
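What is the correct way to send the tenant parameter in the request?

You are doing it correctly, but IdentityServer does not automatically parse acr_values from token requests. Depending on what you want to do, you can create and register an implementation of ICustomTokenRequestValidator to perform special handling when specific acr_values are received. The docs would lead one to believe otherwise, though, but I think that's just the result of a copy-paste job that led to a typo (it pretty much says the same thing about acrs on the authorize endpoint page).

To see this for yourself, you can look at the token endpoint, which calls the token request validator before generating a response with the token response generator. If you compare the TokenRequestValidator with the AuthorizeRequestValidator, you will quickly notice that it handles acr_values differently (just ctrl-f 'acr' on each page).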
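
Added example, not part of the original answer or of IdentityServer itself: a sketch of an ICustomTokenRequestValidator that reads the `tenant:` entry from the raw `acr_values` and, because that value is client-supplied, accepts it only if it is mapped to the requesting client. The class name, the allow-list and the `tenant` response field are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using IdentityServer4.Validation;

// Hypothetical validator (name and allow-list are assumptions, not IdentityServer code).
public class TenantTokenRequestValidator : ICustomTokenRequestValidator
{
    // Constructed mapping: client id -> tenants that client may request.
    private static readonly Dictionary<string, HashSet<string>> AllowedTenants =
        new Dictionary<string, HashSet<string>>
        {
            ["roclient.reference"] = new HashSet<string> { "mytenant" }
        };

    public Task ValidateAsync(CustomTokenRequestValidationContext context)
    {
        var request = context.Result.ValidatedRequest;
        var tenant = ParseTenant(request.Raw.Get("acr_values"));
        if (tenant == null) return Task.CompletedTask; // no tenant requested

        // acr_values is client-supplied: only accept a tenant mapped to this client.
        if (!AllowedTenants.TryGetValue(request.Client.ClientId, out var allowed)
            || !allowed.Contains(tenant))
        {
            context.Result.IsError = true;
            context.Result.Error = "invalid_request";
            context.Result.ErrorDescription = "tenant not allowed for this client";
            return Task.CompletedTask;
        }

        // Return the accepted tenant as an extra field in the token response.
        context.Result.CustomResponse = new Dictionary<string, object> { ["tenant"] = tenant };
        return Task.CompletedTask;
    }

    // acr_values is a space-separated list; use the first non-empty "tenant:<name>" entry.
    public static string ParseTenant(string acrValues)
    {
        const string prefix = "tenant:";
        return (acrValues ?? string.Empty)
            .Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries)
            .Where(v => v.StartsWith(prefix, StringComparison.Ordinal) && v.Length > prefix.Length)
            .Select(v => v.Substring(prefix.Length))
            .FirstOrDefault();
    }
}
// Startup.ConfigureServices: services.AddIdentityServer().AddCustomTokenRequestValidator<TenantTokenRequestValidator>();
```

The custom validator runs only after the built-in token request validation has succeeded, so a failed resource owner password check is reported before this code is reached.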