几天来,我一直在努力尝试在 aspnet 核心 api 中使用 AppAuth Android 和 IdentityServer4 实现身份验证流程。
到目前为止,我设法达到的是
- 创建我认为必要的服务器端并使用 Postman 进行测试
- 设法让 AppAuth 打开我登录的选项卡(但是成功的登录不会发送回应用程序)
这是客户端属性服务器端:
new Client
{
ClientId = "postman",
ClientName = "Postman Client",
AllowedGrantTypes = IdentityServer4.Models.GrantTypes.Code,
ClientSecrets =
{
new Secret("secret".Sha256())
},
RequireConsent = false,
RedirectUris = { "com.example.poc.appauth://callback" },
AllowedCorsOrigins = { "http://localhost:4300" },
AllowAccessTokensViaBrowser = true,
Enabled = true,
ClientUri = null,
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
"api1"
},
AllowOfflineAccess = true
},
并且可以从邮递员和收到的令牌访问此客户端。
好吧,我打赌我做错了什么有趣的部分(即使我已经阅读了我能找到的所有三个示例......) - Android客户端的配置。
build.gradle:
android {
compileSdkVersion 27
lintOptions {
disable 'InvalidPackage'
}
defaultConfig {
// TODO: Specify your own unique Application ID (https://developer.android.com/studio/build/application-id.html).
applicationId "com.example.poc"
minSdkVersion 16
targetSdkVersion 27
versionCode 1
versionName "1.0"
testInstrumentationRunner "android.support.test.runner.AndroidJUnitRunner"
manifestPlaceholders = ['appAuthRedirectScheme': 'com.example.poc.appauth']
}
dependencies {
...
implementation 'net.openid:appauth:0.7.0'
}
我添加的更改在哪里
implementation 'net.openid:appauth:0.7.0'
和
manifestPlaceholders = ['appAuthRedirectScheme': 'com.example.poc.appauth']
然后我在清单中添加了一些东西(这里添加了完整的清单):
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.example.poc">
<uses-permission android:name="android.permission.INTERNET"/>
<application
android:name="io.flutter.app.FlutterApplication"
android:label="poc"
android:icon="@mipmap/ic_launcher">
<activity
android:name=".MainActivity"
android:launchMode="singleTop"
android:theme="@style/LaunchTheme"
android:configChanges="orientation|keyboardHidden|keyboard|screenSize|locale|layoutDirection|fontScale|screenLayout|density"
android:hardwareAccelerated="true"
android:windowSoftInputMode="adjustResize">
<meta-data
android:name="io.flutter.app.android.SplashScreenUntilFirstFrame"
android:value="true" />
<intent-filter>
<action android:name="android.intent.action.MAIN"/>
<category android:name="android.intent.category.LAUNCHER"/>
</intent-filter>
<intent-filter>
<action android:name="com.example.poc.appauth.HANDLE_AUTHORIZATION_RESPONSE"/>
<category android:name="android.intent.category.DEFAULT"/>
</intent-filter>
</activity>
<activity android:name="net.openid.appauth.RedirectUriReceiverActivity">
<intent-filter>
<action android:name="android.intent.action.VIEW"/>
<category android:name="android.intent.category.DEFAULT"/>
<category android:name="android.intent.category.BROWSABLE"/>
<data android:scheme="com.example.poc.appauth"/>
</intent-filter>
</activity>
</application>
现在我已经直接在 MainActivity 中添加了所有的授权实现。
private static final String AUTHORIZATION_ENDPOINT = "http://10.0.2.2:63692/account/login";
private static final String TOKEN_ENDPOINT = "http://10.0.2.2:63692/connect/token";
/* I have also tried
private static final String REDIRECT_URI = "com.example.poc.appauth://callback";
*/
private static final String REDIRECT_URI = "com.example.poc.appauth";
private static final String CLIENT_ID = "postman";
private static final String CLIENT_SECRET = "secret";
private static final String SCOPE = "openid";
private static final String RESPONSE_TYPE = "code";
private static final String HANDLE_AUTH_RESPONSE = "com.example.poc.appauth.HANDLE_AUTHORIZATION_RESPONSE";
在应用程序启动时我打电话authorize()
private void authorize() {
AuthorizationServiceConfiguration serviceConfiguration = new AuthorizationServiceConfiguration(
Uri.parse(AUTHORIZATION_ENDPOINT),
Uri.parse(TOKEN_ENDPOINT)
);
AuthorizationRequest.Builder builder = new AuthorizationRequest.Builder(
serviceConfiguration,
CLIENT_ID,
RESPONSE_TYPE,
Uri.parse(REDIRECT_URI)
);
builder.setScopes(SCOPE);
AuthorizationRequest request = builder.build();
Intent postAuthorizationIntent = new Intent(HANDLE_AUTH_RESPONSE);
PendingIntent pendingIntent = PendingIntent.getActivity(getApplicationContext(), request.hashCode(), postAuthorizationIntent , 0);
_authService.performAuthorizationRequest(request, pendingIntent);
}
登录屏幕在选项卡中打开,我可以添加我的凭据并登录(现在我被重定向到浏览器选项卡中的主页)。
我希望在登录完成时调用此函数,但似乎并非如此。
@Override
protected void onNewIntent(Intent intent) {
/* I've never reached this point. */
Log.d(LOG_TAG, "New intent received");
if (intent != null) {
String action = intent.getAction();
switch (action) {
case HANDLE_AUTH_RESPONSE:
if (!intent.hasExtra(USED_INTENT)) {
handleAuthorizationResponse(intent);
intent.putExtra(USED_INTENT, true);
}
break;
default:
// do nothing
}
}
}
如果这个问题太大了,我很抱歉,但我似乎可以在配置/实现中找到错误。
我期望发生的是:
1) 应用程序启动并使用登录屏幕打开一个选项卡 2) 我登录并关闭自定义选项卡,因为我被重定向到 MainActivity 应该处理的重定向 URI,我得到了postAuthorizationIntent
.