我在 IdentityServer4 中请求新的刷新令牌时遇到了一些问题。身份验证后的某个时间,我从我的 API 收到未经授权的响应,好的,但是当我尝试请求新的刷新令牌时,我从服务器获得了一个 invalid_grant。我确保设置了offline_access,但仍然遇到问题。这是我的代码:
服务器 Config.cs 中的我的客户端
new Client
{
ClientId = "myclientId",
ClientName = "MyClient",
AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
RequireConsent = false,
ClientSecrets =
{
new Secret("mySecret".Sha256())
},
RedirectUris = { "http://localhost:5002/signin-oidc" },
PostLogoutRedirectUris = { "http://localhost:5002/signout-callback-oidc" },
AllowOfflineAccess = true,
UpdateAccessTokenClaimsOnRefresh = true,
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.OfflineAccess,
...
}
}
我的 MVCclient 的 Startup.cs
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationScheme = "Cookies",
AccessDeniedPath = "/Home/Error403"
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
AuthenticationScheme = "oidc",
SignInScheme = "Cookies",
Authority = Configuration["Identity.Url"],
RequireHttpsMetadata = false,
ClientId = Configuration["ClientId"],
ClientSecret = Configuration["ClientSecret"],
ResponseType = "code id_token",
Scope = { "openid profile offline_access" },
GetClaimsFromUserInfoEndpoint = true,
SaveTokens = true,
});
在这里我得到了 invalid_grant
var disco = await DiscoveryClient.GetAsync(Configuration["Identity.Url"]);
if (disco.IsError) throw new Exception(disco.Error);
var tokenClient = new TokenClient(disco.TokenEndpoint, Configuration["ClientId"],
Configuration["ClientSecret"]);
var rt = await HttpContext.Authentication.GetTokenAsync("refresh_token");
var tokenResult = await tokenClient.RequestRefreshTokenAsync(rt);
tokenResult 被分配了 invalid_grant。我错过了什么吗?