【问题标题】:IdentityServer4 Error, offline_access is not allowed for this clientIdentityServer4 错误,此客户端不允许离线访问
【发布时间】:2019-07-16 05:26:58
【问题描述】:

我在内存配置中创建了一个辅助类,

public class InMemoryConfiguration
{
    public static IEnumerable<ApiResource> ApiResources()
    {
        return new[] {
                new ApiResource("socialnetwork", "Social Network")
            };
    }

    public static IEnumerable<Client> Clients()
    {
        return new[] {
                new Client
                {
                    ClientId = "socialnetwork",
                    ClientName = "SocialNetwork",
                    ClientSecrets = new [] { new Secret("secret".Sha256()) },
                     //Flow = Flows.ResourceOwner,
                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                    AllowedScopes = new [] { "socialnetwork", StandardScopes.OfflineAccess, StandardScopes.OpenId, StandardScopes.OfflineAccess },
                    Enabled = true

                }
            };
    }

    public static IEnumerable<TestUser> Users()
    {
        return new[] {
                new TestUser
                {
                    SubjectId = "1",
                    Username = "myUser@question.com",
                    Password = "password",
                }
            };
    }
}

从我的 ASP.Net 应用程序(单独的项目),我正在发送身份验证请求,

public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
        {

            try
            {
                if (!ModelState.IsValid)
                {
                    return View(model);
                }

                var client = new OAuth2Client(new Uri("http://localhost:61502/connect/token"), "socialnetwork", "secret");                
                var requestResponse = client.RequestAccessTokenUserName(model.Email, model.Password, "openid profile offline_access");

                var claims = new[]
                {
                    new Claim("access_token", requestResponse.AccessToken),
                    new Claim("refresh_token", requestResponse.RefreshToken)
                };

                var claimsIdentity = new ClaimsIdentity(claims,
                    DefaultAuthenticationTypes.ApplicationCookie);

                HttpContext.GetOwinContext().Authentication.SignIn(claimsIdentity);

                return RedirectToLocal(returnUrl);
            }
            catch (Exception ex)
            {
                    //Do my Error Handling
            }


        }

现在我在服务器控制台上看到错误,

此客户端不允许离线访问:社交网络

我已经在allowe上提供了对客户端的所有访问权限

d scope,
AllowedScopes = new [] { "socialnetwork", StandardScopes.OfflineAccess, StandardScopes.OpenId, StandardScopes.OfflineAccess }

为什么会出现此错误?这与流量或其他有关吗?

【问题讨论】:

标签: c# oauth-2.0 asp.net-identity identityserver4


【解决方案1】:

在客户端配置中将AllowOfflineAccess 属性设置为true,而不是将其添加到AllowedScopes

           new Client
            {
                ClientId = "socialnetwork",
                ClientName = "SocialNetwork",
                ClientSecrets = new [] { new Secret("secret".Sha256()) },
                 //Flow = Flows.ResourceOwner,
                AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                AllowedScopes = new [] { "socialnetwork",StandardScopes.OpenId },
                Enabled = true,
                AllowOfflineAccess = true
            }

【讨论】:

    猜你喜欢
    • 2020-07-25
    • 2018-05-28
    • 1970-01-01
    • 2021-11-08
    • 1970-01-01
    • 2018-10-18
    • 2020-12-07
    • 2012-07-06
    • 2019-11-11
    相关资源
    最近更新 更多