【问题标题】:Refreshtoken is null in Identity Server 4(Identity Server 4 中的 Refresh Token 为 null)
【发布时间】:2018-07-30 20:18:42
【问题描述】:

我正在 .NET Core 2.0 中实现 IdentityServer4。通过调用 RequestResourceOwnerPasswordAsync 方法,我可以拿到访问令牌(access token),但刷新令牌(refresh token)为 null。代码如下:

// Fetch the discovery document from the authority to find the token endpoint.
// The authority here is plain HTTP on localhost, i.e. a local development setup.
var disco = await DiscoveryClient.GetAsync("http://localhost:5000");
                if (disco.IsError)
                {
                    // Discovery failed: the error goes to the console and the caller only sees a 400.
                    Console.WriteLine(disco.Error);
                    return BadRequest();
                }
                // Client id and shared secret are string literals in this sample; they have to match
                // the "ro.client" entry returned by Config.GetClients().
                var tokenClient = new TokenClient(disco.TokenEndpoint, "ro.client", "secret");

                // Resource owner password grant: the e-mail and password from the model are sent to the
                // token endpoint by this application. The scope string asks for "api1" only; it does not
                // contain offline_access, so the response carries an access token but no refresh token.
                // NOTE(review): the lines shown end here; tokenResponse.IsError is not checked in them.
                var tokenResponse = await tokenClient.RequestResourceOwnerPasswordAsync(model.Email, model.Password, "api1");

Config.cs 类

 /// <summary>
 /// In-memory IdentityServer4 sample configuration: identity resources, one API resource,
 /// two clients and two test users. Every secret and password below is a literal sample
 /// value; outside a demo they belong in a secret store or configuration source, not in source code.
 /// </summary>
 public class Config
 {
     /// <summary>Identity scopes offered by the server: <c>openid</c> and <c>profile</c>.</summary>
     public static IEnumerable<IdentityResource> GetIdentityResources() =>
         new List<IdentityResource>
         {
             new IdentityResources.OpenId(),
             new IdentityResources.Profile()
         };

     /// <summary>The single protected API, exposed under the scope name <c>api1</c>.</summary>
     public static IEnumerable<ApiResource> GetApiResources()
     {
         var api = new ApiResource("api1", "My API");
         return new List<ApiResource> { api };
     }

     /// <summary>
     /// Clients allowed to request tokens: a resource owner password client ("ro.client")
     /// and an MVC client using hybrid flow plus client credentials ("mvc").
     /// </summary>
     public static IEnumerable<Client> GetClients()
     {
         // Resource owner password grant: the client application collects the user's password
         // itself and forwards it to the token endpoint. The OAuth 2.0 Security Best Current
         // Practice (RFC 9700) says this grant must not be used; it remains here as the sample's choice.
         var passwordClient = new Client
         {
             ClientId = "ro.client",
             AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,

             // Only the SHA-256 hash of the shared secret is stored, but the secret itself
             // is the literal "secret" (the same value the "mvc" client uses).
             ClientSecrets = { new Secret("secret".Sha256()) },
             AllowedScopes = { "api1" },

             // Permits this client to ask for the offline_access scope. A refresh token is only
             // issued when the token request actually includes that scope.
             AllowOfflineAccess = true,

             // Each refresh token can be redeemed once; a new one is issued on refresh.
             RefreshTokenUsage = TokenUsage.OneTimeOnly,

             // With Absolute expiration IdentityServer4 uses AbsoluteRefreshTokenLifetime
             // (not set here, so its default applies). SlidingRefreshTokenLifetime is given in
             // seconds and is only consulted when the expiration mode is Sliding, so the 30 below
             // has no effect in this configuration.
             RefreshTokenExpiration = TokenExpiration.Absolute,
             SlidingRefreshTokenLifetime = 30
         };

         // OpenID Connect hybrid flow and client credentials client (MVC).
         var mvcClient = new Client
         {
             ClientId = "mvc",
             ClientName = "MVC Client",
             AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
             ClientSecrets = { new Secret("secret".Sha256()) },

             // Exact-match redirect targets. Both are plain-HTTP localhost URLs, which fits a
             // local development machine only.
             RedirectUris = { "http://localhost:5002/signin-oidc" },
             PostLogoutRedirectUris = { "http://localhost:5002/signout-callback-oidc" },

             AllowedScopes =
             {
                 IdentityServerConstants.StandardScopes.OpenId,
                 IdentityServerConstants.StandardScopes.Profile,
                 "api1"
             },
             AllowOfflineAccess = true
         };

         return new List<Client> { passwordClient, mvcClient };
     }

     /// <summary>
     /// Two in-memory test users ("alice" and "bob") with plaintext sample passwords
     /// and a couple of profile claims each.
     /// </summary>
     public static List<TestUser> GetUsers()
     {
         var alice = new TestUser
         {
             SubjectId = "1",
             Username = "alice",
             Password = "password",
             Claims = new List<Claim>
             {
                 new Claim("name", "Alice"),
                 new Claim("website", "https://alice.com")
             }
         };

         var bob = new TestUser
         {
             SubjectId = "2",
             Username = "bob",
             Password = "password",
             Claims = new List<Claim>
             {
                 new Claim("name", "Bob"),
                 new Claim("website", "https://bob.com")
             }
         };

         return new List<TestUser> { alice, bob };
     }
 }

和启动类

   // Registers IdentityServer with in-memory stores fed from the Config class.
   services.AddIdentityServer()
            // Creates a temporary signing key meant for development; a deployed server would
            // load its own key material (e.g. via AddSigningCredential) instead.
            .AddDeveloperSigningCredential()
            // Persisted grants, which include refresh tokens, are kept in process memory here
            // and are lost whenever the server restarts.
            .AddInMemoryPersistedGrants()
            .AddInMemoryIdentityResources(Config.GetIdentityResources())
            .AddInMemoryApiResources(Config.GetApiResources())
            .AddInMemoryClients(Config.GetClients())
            // Users are validated through ASP.NET Identity (ApplicationUser);
            // Config.GetUsers() is not registered anywhere in this chain.
            .AddAspNetIdentity<ApplicationUser>();

我尝试过在 Config.cs 类中更改授权类型(grant type),但没有成功。我也尝试过用 RequestAuthorizationCodeAsync 方法请求令牌,同样不起作用。谁能告诉我哪里做错了?谢谢。

【问题讨论】:

    标签: asp.net-core-2.0 identityserver4 asp.net-core-webapi


    【解决方案1】:

    您需要在调用 RequestResourceOwnerPasswordAsync 时额外请求一个范围(scope)。

    // The scope argument is a space-delimited list: "api1" for the API plus "offline_access",
    // which asks the token endpoint for a refresh token. The client must also be configured
    // with AllowOfflineAccess = true for that scope to be granted.
    tokenResponse = await tokenClient.RequestResourceOwnerPasswordAsync("login", "pass", "api1 offline_access");
    

    注意 offline_access 范围:请求中没有这个范围,就拿不到刷新令牌。客户端配置里的 AllowOfflineAccess = true 只是允许该客户端请求这个范围,令牌请求本身仍须在 scope 参数中显式带上它。

    【讨论】:

    • 不错!这是关于 client_ids 之间用空格分隔的非常重要的信息