1

我有一个 Identity server 4 应用程序,我正在尝试使用我的 Xamarin.forms 应用程序使用 PKCE 登录。我不断从身份服务器收到一个我以前从未见过的错误。code_challenge is missing我猜我使用了错误的授权类型,但我为 Xamarin 找到的所有文档都说我应该使用这个。

如何将 Xamarin 连接到 Identity server 4?

错误

fail: IdentityServer4.Validation.AuthorizeRequestValidator[0]
      code_challenge is missing
{
        "ClientId": "xamarin",
        "ClientName": "eShop Xamarin OpenId Client",
        "RedirectUri": "1046123799103-h63f9o1cnj78fo26okng1aacr9e89u2e:/oauth2redirect",
        "AllowedRedirectUris": [
          "http://localhost:5001/signin-oidc"
        ],
        "SubjectId": "anonymous",
        "ResponseType": "code",
        "ResponseMode": "query",
        "GrantType": "authorization_code",
        "RequestedScopes": "",
        "State": "egfczresvcjyeerw",
        "Raw": {
          "client_id": "xamarin",
          "redirect_uri": "1046123799103-h63f9o1cnj78fo26okng1aacr9e89u2e:/oauth2redirect",
          "scope": "profile openid nol_api navinfo",
          "response_type": "code",
          "state": "egfczresvcjyeerw"
        }
      }

身份服务器中的客户端 ID

new Client
            {
                ClientId = "xamarin",
                ClientName = "eShop Xamarin OpenId Client",
                AllowedGrantTypes = GrantTypes.Code,

                RedirectUris = { "http://localhost:5001/signin-oidc" },
                RequireConsent = false,
                RequirePkce = true,
                PostLogoutRedirectUris = { "http://localhost:8008/Account/Redirecting" },
                AllowedScopes = new List<string>
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile,
                    "navinfo",
                    $"{nolConfig.Client}_api"
                },
                AllowOfflineAccess = true,
                AllowAccessTokensViaBrowser = true,
                RequireClientSecret = false
            }

xamarin 代码

Authenticator = new OAuth2Authenticator
            (
                _clientId,
                _secret,
                _scopes,
                new Uri(_discoveryDoc.AuthorizationEndpoint),
                _redirectUri,
                new Uri(_discoveryDoc.TokenEndpoint),
                null,
                isUsingNativeUI: true
            );

如果我 RequirePkce = true,从身份服务器中的客户端中删除,我将不再收到相关错误。据我所知,Xamarin.auth 还不支持 PKCE。这意味着我要么必须禁用它,要么自己实现它。

如何在启用 PKCE 的情况下从 XAmarin 表单登录到身份服务器 4。

4

1 回答 1

0

看起来 PKCE 是OAuth2Authenticator通过没有客户端密码启用的:

    protected bool IsProofKeyCodeForExchange
    {
        get
        {
            return
                accessTokenUrl != null                    // AccessToken url is defined
                &&
                string.IsNullOrWhiteSpace(clientSecret)   // Client Secret is not defined
                ;
        }
    }

所以我会尝试

Authenticator = new OAuth2Authenticator
        (
            _clientId,
            null,
            _scopes,
            new Uri(_discoveryDoc.AuthorizationEndpoint),
            _redirectUri,
            new Uri(_discoveryDoc.TokenEndpoint),
            null,
            isUsingNativeUI: true
        );
于 2019-09-28T13:53:36.463 回答