
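I may not be understanding correctly how to properly implement IdentityServer4 with Xamarin.Auth.

Basically I am using Xamarin.Auth in several scenarios:

  1. Login with OAuth2 providers (MS/Google/FB)
  2. Login with my own OAuth2 implementation (not used yet)

Regarding case 1, after I log in to Google/MS/FB from the mobile app, I decide what to do next: go to the app's home page or register the user, where registration stores the email as the username and the userId (the one from the provider) as the password.

I have implemented IdentityServer4 with AspNetIdentity.

From what I have read, I need to implement hybrid authentication, but the problem here is that it requires using a WebView, which in my case is no longer needed. So basically I think I need to use the authorization flow, but every attempt at either one has failed.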

https://localhost:44348/connect/authorize?
    client_id=XamClient&
    client_secret=secret&response_type=code+id_token&
    scope=openid&
    redirect_uri=https%3A%2F%2Flocalhost%3A44348%2Fxamarincallback&
    nonce=7a8ff1c107e345a8b055a8232ec15545&
    code_challenge=8Kk9RQ8NX6w3YzL0eU7AWQurWnikb9NS9bVwa5lxhhE&
    code_challenge_method=S256&state=d3a7b6a511da413395b2552fb194af2f

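My problem is that most examples have an MVC view which receives this URL as the redirectURL, and then, after the client submits a POST with his username and password, I would get the AuthorizationCode, RefreshToken and IdentityToken.

I am really not sure how to properly submit the authentication in my case; what should I use?

I can only use:

  - Implicit
  - Authorization code - is this the only reasonable option for my first scenario?
  - Hybrid - tried for a whole day to implement this and realized it is not possible..

Anyway, after looking at the logs I see a sudden, suspicious redirect to the account controller (the ASP login controller):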

 {
        "name": "Microsoft.ApplicationInsights.Dev.Request",
        "time": "2017-09-12T11:26:56.5388249Z",
        "tags": {
            "ai.location.ip": "127.0.0.1",
            "ai.internal.nodeName": "EDWARD",
            "ai.operation.id": "152eb716-4ff8951dec6a1ed1",
            "ai.internal.sdkVersion": "aspnet5c:2.1.1",
            "ai.application.ver": "1.0.0.0",
            "ai.operation.name": "GET /connect/authorize",
            "ai.cloud.roleInstance": "EDWARD"
        },
        "data": {
            "baseType": "RequestData",
            "baseData": {
                "ver": 2,
                "id": "|152eb716-4ff8951dec6a1ed1.",
                "name": "GET /connect/authorize",
                "duration": "00:00:00.1530713",
                "success": true,
                "responseCode": "302",
                "url": "https://localhost:44348/connect/authorize?client_id=AnonymousCheckerClient&client_secret=secret&response_type=code+id_token&scope=openid&redirect_uri=https:%2F%2Flocalhost:44348%2Fxamarincallback&nonce=af1427d39dc2463697047a834169fdcf&code_challenge=UUi0a9cfhrcGvzddV9eh0Lc8cdr5WE-ZwSzwbY7ReNQ&code_challenge_method=S256&state=aafde38b65044c35b83a1fcb8771de2e",
                "properties": {
                    "httpMethod": "GET",
                    "AspNetCoreEnvironment": "Development",
                    "DeveloperMode": "true"
                }
            }
        }
    },
    {
        "name": "Microsoft.ApplicationInsights.Dev.Message",
        "time": "2017-09-12T11:26:56.6993438Z",
        "tags": {
            "ai.location.ip": "127.0.0.1",
            "ai.operation.parentId": "|152eb717-4ff8951dec6a1ed1.",
            "ai.internal.nodeName": "EDWARD",
            "ai.operation.id": "152eb717-4ff8951dec6a1ed1",
            "ai.internal.sdkVersion": "aspnet5c:2.1.1",
            "ai.application.ver": "1.0.0.0",
            "ai.operation.name": "GET /account/login",
            "ai.cloud.roleInstance": "EDWARD"
        },
        "data": {
            "baseType": "MessageData",
            "baseData": {
                "ver": 2,
                "message": "Request starting HTTP/1.1 GET http://localhost:44348/account/login?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3DAnonymousCheckerClient%26client_secret%3Dsecret%26response_type%3Dcode%2520id_token%26scope%3Dopenid%26redirect_uri%3Dhttps%253A%252F%252Flocalhost%253A44348%252Fxamarincallback%26nonce%3Daf1427d39dc2463697047a834169fdcf%26code_challenge%3DUUi0a9cfhrcGvzddV9eh0Lc8cdr5WE-ZwSzwbY7ReNQ%26code_challenge_method%3DS256%26state%3Daafde38b65044c35b83a1fcb8771de2e",
                "severityLevel": "Information",
                "properties": {
                    "AspNetCoreEnvironment": "Development",
                    "Protocol": "HTTP/1.1",
                    "Host": "localhost:44348",
                    "QueryString": "?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3DAnonymousCheckerClient%26client_secret%3Dsecret%26response_type%3Dcode%2520id_token%26scope%3Dopenid%26redirect_uri%3Dhttps%253A%252F%252Flocalhost%253A44348%252Fxamarincallback%26nonce%3Daf1427d39dc2463697047a834169fdcf%26code_challenge%3DUUi0a9cfhrcGvzddV9eh0Lc8cdr5WE-ZwSzwbY7ReNQ%26code_challenge_method%3DS256%26state%3Daafde38b65044c35b83a1fcb8771de2e",
                    "Scheme": "http",
                    "Path": "/account/login",
                    "DeveloperMode": "true",
                    "CategoryName": "Microsoft.AspNetCore.Hosting.Internal.WebHost",
                    "Method": "GET"
                }
            }
        }
    }

Having analyzed IdentityServer4 from Git, this /authorize endpoint only accepts GET, without user/password.

Edit 01: I checked this resource and it left me confused about my scenario (1)...

https://developer.xamarin.com/guides/xamarin-forms/enterprise-application-patterns/authentication-and-authorization/
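
The authorize request from the question, checked as an added example (not part of the original post; the function names `s256_challenge` and `audit_authorize_url` are hypothetical). It parses the front-channel URL, reports the requested flow, flags a `client_secret` in the query string (the Application Insights entries above record it in clear text), and shows how an S256 `code_challenge` is derived from a verifier per RFC 7636.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlsplit, parse_qs

# Authorize request copied from the question (line breaks removed).
AUTHORIZE_URL = (
    "https://localhost:44348/connect/authorize?"
    "client_id=XamClient&client_secret=secret&response_type=code+id_token&"
    "scope=openid&redirect_uri=https%3A%2F%2Flocalhost%3A44348%2Fxamarincallback&"
    "nonce=7a8ff1c107e345a8b055a8232ec15545&"
    "code_challenge=8Kk9RQ8NX6w3YzL0eU7AWQurWnikb9NS9bVwa5lxhhE&"
    "code_challenge_method=S256&state=d3a7b6a511da413395b2552fb194af2f"
)


def s256_challenge(verifier: str) -> str:
    """RFC 7636 S256: BASE64URL(SHA256(verifier)) without '=' padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def audit_authorize_url(url: str) -> list[str]:
    """Return findings for a front-channel OAuth2/OIDC authorize request."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    findings = []
    if "client_secret" in q:
        findings.append("client_secret sent in the query string (ends up in logs)")
    types = set(q.get("response_type", "").split())
    if types == {"code", "id_token"}:
        findings.append("hybrid flow requested (response_type=code id_token)")
    elif types != {"code"}:
        findings.append("response_type is not the plain authorization code flow")
    if "code_challenge" not in q:
        findings.append("no PKCE code_challenge")
    elif q.get("code_challenge_method") != "S256":
        findings.append("PKCE present but method is not S256")
    elif len(q["code_challenge"]) != 43:
        findings.append("code_challenge is not a 43-character S256 value")
    for required in ("state", "redirect_uri"):
        if required not in q:
            findings.append(f"missing {required}")
    return findings


if __name__ == "__main__":
    for finding in audit_authorize_url(AUTHORIZE_URL):
        print("-", finding)
    verifier = secrets.token_urlsafe(32)  # constructed sample verifier
    print("verifier:", verifier, "challenge:", s256_challenge(verifier))
```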
