【问题标题】:WPF IdentityServer4 Invalid grant type for client: authorization_codeWPF IdentityServer4客户端的无效授权类型:authorization_code
【发布时间】:2020-03-25 14:20:52
【问题描述】:

我在设置 IdentityServer4 以授权 WPF 客户端时遇到问题 - 我之前已成功将其与 .NET 代码网站一起使用(最终)。 与 .NET Core 站点一样,我使用的是“混合”,但是当网站返回授权类型“授权代码”时,WPF 应用程序正在崩溃。这是日志摘录:

      SELECT [c0].[Id], [c0].[ClientId], [c0].[RedirectUri]
      FROM (
          SELECT TOP(@__p_1) [c].[Id], [c].[AbsoluteRefreshTokenLifetime], [c].[AccessTokenLifetime], [c].[AccessTokenType], [c].[AllowAccessTokensViaBrowser], [c].[AllowOfflineAccess], [c].[AllowPlainTextPkce], [c].[AllowRememberConsent], [c].[AlwaysIncludeUserClaimsInIdToken], [c].[AlwaysSendClientClaims], [c].[AuthorizationCodeLifetime], [c].[BackChannelLogoutSessionRequired], [c].[BackChannelLogoutUri], [c].[ClientClaimsPrefix], [c].[ClientId], [c].[ClientName], [c].[ClientUri], [c].[ConsentLifetime], [c].[Created], [c].[Description], [c].[DeviceCodeLifetime], [c].[EnableLocalLogin], [c].[Enabled], [c].[FrontChannelLogoutSessionRequired], [c].[FrontChannelLogoutUri], [c].[IdentityTokenLifetime], [c].[IncludeJwtId], [c].[LastAccessed], [c].[LogoUri], [c].[NonEditable], [c].[PairWiseSubjectSalt], [c].[ProtocolType], [c].[RefreshTokenExpiration], [c].[RefreshTokenUsage], [c].[RequireClientSecret], [c].[RequireConsent], [c].[RequirePkce], [c].[SlidingRefreshTokenLifetime], [c].[UpdateAccessTokenClaimsOnRefresh], [c].[Updated], [c].[UserCodeType], [c].[UserSsoLifetime]
          FROM [Clients] AS [c]
          WHERE [c].[ClientId] = @__clientId_0
      ) AS [t]
      INNER JOIN [ClientRedirectUris] AS [c0] ON [t].[Id] = [c0].[ClientId]
dbug: IdentityServer4.EntityFramework.Stores.ClientStore[0]
      VTConsole found in database: True
dbug: IdentityServer4.Stores.ValidatingClientStore[0]
      client configuration validation for client VTConsole succeeded.
dbug: IdentityServer4.Validation.AuthorizeRequestValidator[0]
      Checking for PKCE parameters
fail: IdentityServer4.Validation.AuthorizeRequestValidator[0]
      Invalid grant type for client: authorization_code
{
        "ClientId": "VTConsole",
        "ClientName": "VTConsole Client",
        "RedirectUri": "http://localhost/VT_ConsoleCore",
        "AllowedRedirectUris": [
          "http://localhost/VT_ConsoleCore"
        ],
        "SubjectId": "anonymous",
        "ResponseType": "code",
        "ResponseMode": "query",
        "GrantType": "authorization_code",
        "RequestedScopes": "",
        "State": "pW44DAo0a5FM6jjnYCMaGQ",
        "Raw": {
          "response_type": "code",
          "nonce": "uddkyT-k7lbKpLfFArzmiw",
          "state": "pW44DAo0a5FM6jjnYCMaGQ",
          "code_challenge": "X-rkJyBEUWcS7_hrpVzsKQP5C-lC_Sd1Yll_xu195tA",
          "code_challenge_method": "S256",
          "client_id": "VTConsole",
          "scope": "LDH001 offline_access CMDS ",
          "redirect_uri": "http://localhost/VT_ConsoleCore"
        }
      }
fail: IdentityServer4.Endpoints.AuthorizeEndpoint[0]

此处记录的查询返回 client_id 7 和重定向 URI http://localhost/VT_ConsoleCore - 两者都符合预期

ID 7 的 ClientGrantTypes 条目是混合的。

ClientScopes 具有 LDH001、offline_access 和 CMDS 的条目,但 LDH001 是新的,但它存在于 APIScopes 和 APIResources 中。

这就是我从 WPF 代码隐藏中调用 IdentityServer4 的方式:

            var options = new OidcClientOptions
            {
                Authority = this.config.p_Authority,
                ClientId = this.config.p_ClientId,
                RedirectUri = "http://localhost/VT_ConsoleCore",

                Browser = new WpfEmbeddedBrowser()
            };
            foreach (CScopeMasterBase scope in this.scopes)
            {
                options.Scope+= $"{scope.p_AddScopeFor} ";
            }


            _oidcClient = new OidcClient(options);

【问题讨论】:

    标签: c# wpf identityserver4


    【解决方案1】:

    原来选项需要以下附加条目

                    Flow = OidcClientOptions.AuthenticationFlow.Hybrid,
    

    【讨论】:

      猜你喜欢
      • 2020-08-06
      • 2019-01-24
      • 2020-03-23
      • 1970-01-01
      • 2018-11-02
      • 1970-01-01
      • 2021-02-26
      • 1970-01-01
      • 2015-01-08
      相关资源
      最近更新 更多