
Implementing the IdToken token response type flow for an MVC 5 client, receiving the error message ArgumentNullException: IDX10000: The parameter 'hashAlgorithm' cannot be a 'null' or an empty object.

It seems to fail with Alg as hmac while Microsoft IdentityModel looks for SHA256. As seen in the failing stack trace,

   at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.ReleaseHashAlgorithm(HashAlgorithm hashAlgorithm) in C:\agent2\_work\56\s\src\Microsoft.IdentityModel.Tokens\CryptoProviderFactory.cs:line 491
   at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolValidator.ValidateHash(String expectedValue, String hashItem, String algorithm) in C:\agent2\_work\56\s\src\Microsoft.IdentityModel.Protocols.OpenIdConnect\OpenIdConnectProtocolValidator.cs:line 489
   at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolValidator.ValidateAtHash(OpenIdConnectProtocolValidationContext validationContext) in C:\agent2\_work\56\s\src\Microsoft.IdentityModel.Protocols.OpenIdConnect\OpenIdConnectProtocolValidator.cs:line 590
   at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolValidator.ValidateAuthenticationResponse(OpenIdConnectProtocolValidationContext validationContext) in C:\agent2\_work\56\s\src\Microsoft.IdentityModel.Protocols.OpenIdConnect\OpenIdConnectProtocolValidator.cs:line 265

MVC 5 authentication configuration as an IdentityServer4 client:

    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        // ..
        ProtocolValidator = new JweProtocolValidator
        {
            RequireStateValidation = false,
            NonceLifetime = TimeSpan.FromMinutes(20)
        },
        Notifications = new OpenIdConnectAuthenticationNotifications
        {
            SecurityTokenValidated = n =>
            {
                var id = n.AuthenticationTicket.Identity;
                // Expose the access token as a claim on the signed-in identity.
                id.AddClaim(new System.Security.Claims.Claim("access_token", n.ProtocolMessage.AccessToken));
                n.AuthenticationTicket = new Microsoft.Owin.Security.AuthenticationTicket(id, n.AuthenticationTicket.Properties);
                return Task.FromResult(0);
            }
        },
        // ..
    });

The validator:

    using Microsoft.IdentityModel.Protocols.OpenIdConnect;

    // Unwraps an encrypted (JWE) id_token so that the base validator runs
    // against the inner signed JWS instead of the outer encrypted envelope.
    public class JweProtocolValidator : OpenIdConnectProtocolValidator
    {
        protected override void ValidateIdToken(OpenIdConnectProtocolValidationContext validationContext)
        {
            if (validationContext.ValidatedIdToken?.InnerToken != null)
                validationContext.ValidatedIdToken = validationContext.ValidatedIdToken.InnerToken;

            base.ValidateIdToken(validationContext);
        }

        public override void ValidateTokenResponse(OpenIdConnectProtocolValidationContext validationContext)
        {
            if (validationContext.ValidatedIdToken?.InnerToken != null)
                validationContext.ValidatedIdToken = validationContext.ValidatedIdToken.InnerToken;

            base.ValidateTokenResponse(validationContext);
        }

        public override void ValidateUserInfoResponse(OpenIdConnectProtocolValidationContext validationContext)
        {
            if (validationContext.ValidatedIdToken?.InnerToken != null)
                validationContext.ValidatedIdToken = validationContext.ValidatedIdToken.InnerToken;

            base.ValidateUserInfoResponse(validationContext);
        }
    }

Note: tried to follow the article https://www.scottbrady91.com/Identity-Server/Encrypting-Identity-Tokens-in-IdentityServer4
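As an added example (not from the question and not Microsoft.IdentityModel's own code), this Python sketch shows the at_hash check that the stack trace reports failing: the hash function is taken from the id_token's `alg` header, so an `alg` with no hash mapping (for instance the key-management `alg` of a JWE outer header) yields no hash algorithm, and the check has to run on the decrypted inner JWS. The sample tokens are constructed and carry a placeholder signature; signature verification is assumed to happen elsewhere.

```python
import base64
import hashlib
import hmac
import json

# JWS "alg" -> hash used for at_hash / c_hash (OpenID Connect Core 3.1.3.6).
ALG_TO_HASH = {
    "RS256": "sha256", "PS256": "sha256", "ES256": "sha256", "HS256": "sha256",
    "RS384": "sha384", "PS384": "sha384", "ES384": "sha384", "HS384": "sha384",
    "RS512": "sha512", "PS512": "sha512", "ES512": "sha512", "HS512": "sha512",
}

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def compute_at_hash(access_token: str, alg: str) -> str:
    """Left half of the hash of the access token's ASCII bytes, base64url encoded."""
    hash_name = ALG_TO_HASH.get(alg)
    if hash_name is None:
        # No hash algorithm maps to this alg: the situation behind a null hashAlgorithm.
        raise ValueError(f"no hash algorithm for alg '{alg}'; validate the inner JWS instead")
    digest = hashlib.new(hash_name, access_token.encode("ascii")).digest()
    return b64url_encode(digest[: len(digest) // 2])

def validate_at_hash(id_token: str, access_token: str) -> bool:
    """Compare the at_hash claim of a compact JWS id_token with the access token.
    Signature verification is out of scope here and must be done separately."""
    parts = id_token.split(".")
    header = json.loads(b64url_decode(parts[0]))
    if len(parts) == 5:
        # Five segments mean JWE: the outer alg is for key management, not signing.
        raise ValueError(f"encrypted id_token (alg '{header['alg']}'): decrypt first")
    claims = json.loads(b64url_decode(parts[1]))
    expected = compute_at_hash(access_token, header["alg"])
    return hmac.compare_digest(expected, claims.get("at_hash", ""))

# Constructed sample data; the signature segment is a placeholder, not a real signature.
ACCESS_TOKEN = "constructed-access-token-value"
ID_TOKEN = ".".join([
    b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode()),
    b64url_encode(json.dumps({"sub": "user1", "at_hash": compute_at_hash(ACCESS_TOKEN, "RS256")}).encode()),
    "placeholder-signature",
])
ENCRYPTED_ID_TOKEN = ".".join([
    b64url_encode(json.dumps({"alg": "RSA-OAEP", "enc": "A256CBC-HS512"}).encode()),
    "key", "iv", "ciphertext", "tag",
])
```

`validate_at_hash(ID_TOKEN, ACCESS_TOKEN)` returns True, while passing `ENCRYPTED_ID_TOKEN` raises because the outer header cannot supply a hash algorithm.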

