I have configured an authorization server with OpenIddict for the client credentials flow, as shown below.
services.AddOpenIddict()
    // Register the OpenIddict core components.
    .AddCore(options =>
    {
        // Configure OpenIddict to use the Entity Framework Core stores and models.
        // Note: call ReplaceDefaultEntities() to replace the default entities.
        options.UseEntityFrameworkCore()
               .UseDbContext<ApplicationDbContext>();
    })
    // Register the OpenIddict server components.
    .AddServer(options =>
    {
        // Enable the token endpoint.
        options.SetTokenEndpointUris("/connect/token");

        // Enable the client credentials flow.
        options.AllowClientCredentialsFlow();

        // Register the signing and encryption credentials.
        options.AddDevelopmentEncryptionCertificate()
               .AddDevelopmentSigningCertificate();

        // Register the ASP.NET Core host and configure the ASP.NET Core options.
        options.UseAspNetCore()
               .EnableTokenEndpointPassthrough();

        options.DisableAccessTokenEncryption();
    })
    // Register the OpenIddict validation components.
    .AddValidation(options =>
    {
        // Import the configuration from the local OpenIddict server instance.
        options.UseLocalServer();

        // Register the ASP.NET Core host.
        options.UseAspNetCore();
    });
When client_id and client_secret are in the request body, I can get an access_token. The access token is returned:
[12:20:27 INF] HTTP POST /connect/token responded 400 in 377.3274 ms
[12:21:22 INF] The request address matched a server endpoint: Token.
[12:21:22 INF] The token request was successfully extracted: {
"grant_type": "client_credentials",
"client_id": "PVHP",
"client_secret": "[redacted]"
}.
But when client_id and client_secret are sent in the Basic Authorization header as Base64-encoded client_id:client_secret, it does not work. grant_type=client_credentials is specified in the body. Error when using Basic authentication:
[12:21:23 WRN] Client authentication failed for PVHP.
[12:21:23 ERR] The token request was rejected because the confidential application 'PVHP' didn't specify valid client credentials.
[12:21:23 INF] The response was successfully returned as a JSON document: {
"error": "invalid_client",
"error_description": "The specified client credentials are invalid.",
"error_uri": "https://documentation.openiddict.com/errors/ID2055"
}.
The OpenID configuration document seems to indicate that client_secret_basic is supported:
[11:18:01 INF] The response was successfully returned as a JSON document: {
"issuer": "https://localhost:44371/",
"token_endpoint": "https://localhost:44371/connect/token",
"jwks_uri": "https://localhost:44371/.well-known/jwks",
"grant_types_supported": [
"client_credentials"
],
"scopes_supported": [
"openid"
],
"claims_supported": [
"aud",
"exp",
"iat",
"iss",
"sub"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"subject_types_supported": [
"public"
],
"token_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post"
],
"claims_parameter_supported": false,
"request_parameter_supported": false,
"request_uri_parameter_supported": false
}.
Did I miss any configuration when setting up the server? Regards.
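One thing worth checking on the client side, independent of the server configuration above: RFC 6749 section 2.3.1 says that for client_secret_basic the client_id and client_secret must each be form-urlencoded before they are joined with ":" and base64-encoded, and a server decoding the header applies the reverse. A header built by simply base64-encoding the raw "id:secret" string works for plain alphanumeric secrets but silently yields a different secret on the server once the secret contains characters such as "+", "%" or ":". The following is an added example, not code from the question or from OpenIddict; it builds the header both ways and mirrors the RFC decoding rule so the two can be compared. The client_id "PVHP" is taken from the question; the secret value and the parse_basic_header routine are constructed here for illustration and do not reproduce OpenIddict's actual implementation.

```python
import base64
from urllib.parse import quote_plus, unquote_plus, urlencode


def build_basic_header(client_id: str, client_secret: str) -> str:
    """Build an Authorization header per RFC 6749 section 2.3.1:
    form-urlencode both values, join with ':', then base64-encode."""
    creds = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    return "Basic " + base64.b64encode(creds.encode("utf-8")).decode("ascii")


def naive_basic_header(client_id: str, client_secret: str) -> str:
    """The common shortcut: base64 of the raw 'id:secret' with no urlencoding.
    Identical to build_basic_header() only when neither value needs escaping."""
    creds = f"{client_id}:{client_secret}"
    return "Basic " + base64.b64encode(creds.encode("utf-8")).decode("ascii")


def parse_basic_header(header: str):
    """Constructed mirror of the RFC decoding rule (not OpenIddict's code):
    base64-decode, split on the first ':', form-urldecode each part.
    Returns (client_id, client_secret) or None if the header is not usable."""
    scheme, _, value = header.partition(" ")
    if scheme.lower() != "basic" or not value:
        return None
    try:
        decoded = base64.b64decode(value, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    if ":" not in decoded:
        return None
    raw_id, _, raw_secret = decoded.partition(":")
    return unquote_plus(raw_id), unquote_plus(raw_secret)


def build_token_request(token_endpoint: str, client_id: str, client_secret: str):
    """Assemble a client_credentials token request that carries the credentials
    only in the Basic header, with grant_type alone in the form body."""
    headers = {
        "Authorization": build_basic_header(client_id, client_secret),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({"grant_type": "client_credentials"})
    return token_endpoint, headers, body


if __name__ == "__main__":
    # Constructed sample secret containing characters that need escaping.
    client_id, secret = "PVHP", "s3cr3t:with/special+chars"
    print("compliant ->", parse_basic_header(build_basic_header(client_id, secret)))
    print("naive     ->", parse_basic_header(naive_basic_header(client_id, secret)))
    url, hdrs, body = build_token_request("https://localhost:44371/connect/token", client_id, secret)
    print(url, hdrs["Authorization"], body)
```

Running the block shows that the naive header decodes to a secret with the "+" turned into a space, so the server compares against a different value than the one it stored and answers invalid_client, while the RFC-compliant header round-trips exactly. If the secret actually in use is purely alphanumeric, both forms are byte-identical and this check rules out encoding as the cause.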