【发布时间】:2020-03-25 14:20:52
【问题描述】:
我在设置 IdentityServer4 以授权 WPF 客户端时遇到问题 - 我之前已成功将其与 .NET 代码网站一起使用(最终)。 与 .NET Core 站点一样,我使用的是“混合”,但是当网站返回授权类型“授权代码”时,WPF 应用程序正在崩溃。这是日志摘录:
SELECT [c0].[Id], [c0].[ClientId], [c0].[RedirectUri]
FROM (
SELECT TOP(@__p_1) [c].[Id], [c].[AbsoluteRefreshTokenLifetime], [c].[AccessTokenLifetime], [c].[AccessTokenType], [c].[AllowAccessTokensViaBrowser], [c].[AllowOfflineAccess], [c].[AllowPlainTextPkce], [c].[AllowRememberConsent], [c].[AlwaysIncludeUserClaimsInIdToken], [c].[AlwaysSendClientClaims], [c].[AuthorizationCodeLifetime], [c].[BackChannelLogoutSessionRequired], [c].[BackChannelLogoutUri], [c].[ClientClaimsPrefix], [c].[ClientId], [c].[ClientName], [c].[ClientUri], [c].[ConsentLifetime], [c].[Created], [c].[Description], [c].[DeviceCodeLifetime], [c].[EnableLocalLogin], [c].[Enabled], [c].[FrontChannelLogoutSessionRequired], [c].[FrontChannelLogoutUri], [c].[IdentityTokenLifetime], [c].[IncludeJwtId], [c].[LastAccessed], [c].[LogoUri], [c].[NonEditable], [c].[PairWiseSubjectSalt], [c].[ProtocolType], [c].[RefreshTokenExpiration], [c].[RefreshTokenUsage], [c].[RequireClientSecret], [c].[RequireConsent], [c].[RequirePkce], [c].[SlidingRefreshTokenLifetime], [c].[UpdateAccessTokenClaimsOnRefresh], [c].[Updated], [c].[UserCodeType], [c].[UserSsoLifetime]
FROM [Clients] AS [c]
WHERE [c].[ClientId] = @__clientId_0
) AS [t]
INNER JOIN [ClientRedirectUris] AS [c0] ON [t].[Id] = [c0].[ClientId]
dbug: IdentityServer4.EntityFramework.Stores.ClientStore[0]
VTConsole found in database: True
dbug: IdentityServer4.Stores.ValidatingClientStore[0]
client configuration validation for client VTConsole succeeded.
dbug: IdentityServer4.Validation.AuthorizeRequestValidator[0]
Checking for PKCE parameters
fail: IdentityServer4.Validation.AuthorizeRequestValidator[0]
Invalid grant type for client: authorization_code
{
"ClientId": "VTConsole",
"ClientName": "VTConsole Client",
"RedirectUri": "http://localhost/VT_ConsoleCore",
"AllowedRedirectUris": [
"http://localhost/VT_ConsoleCore"
],
"SubjectId": "anonymous",
"ResponseType": "code",
"ResponseMode": "query",
"GrantType": "authorization_code",
"RequestedScopes": "",
"State": "pW44DAo0a5FM6jjnYCMaGQ",
"Raw": {
"response_type": "code",
"nonce": "uddkyT-k7lbKpLfFArzmiw",
"state": "pW44DAo0a5FM6jjnYCMaGQ",
"code_challenge": "X-rkJyBEUWcS7_hrpVzsKQP5C-lC_Sd1Yll_xu195tA",
"code_challenge_method": "S256",
"client_id": "VTConsole",
"scope": "LDH001 offline_access CMDS ",
"redirect_uri": "http://localhost/VT_ConsoleCore"
}
}
fail: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
此处记录的查询返回 client_id 7 和重定向 URI http://localhost/VT_ConsoleCore - 两者都符合预期
ID 7 的 ClientGrantTypes 条目是混合的。
ClientScopes 具有 LDH001、offline_access 和 CMDS 的条目,但 LDH001 是新的,但它存在于 APIScopes 和 APIResources 中。
这就是我从 WPF 代码隐藏中调用 IdentityServer4 的方式:
var options = new OidcClientOptions
{
Authority = this.config.p_Authority,
ClientId = this.config.p_ClientId,
RedirectUri = "http://localhost/VT_ConsoleCore",
Browser = new WpfEmbeddedBrowser()
};
foreach (CScopeMasterBase scope in this.scopes)
{
options.Scope+= $"{scope.p_AddScopeFor} ";
}
_oidcClient = new OidcClient(options);
【问题讨论】:
标签: c# wpf identityserver4