当我尝试刷新访问令牌时,ASP.net 核心 IdentityServer4 以 invalid_grant 响应

【问题标题】:ASP.net core IdentityServer4 responds with invalid_grant when I try to refresh my access token当我尝试刷新访问令牌时,ASP.net 核心 IdentityServer4 以 invalid_grant 响应
【发布时间】:2020-03-22 21:49:21
【问题描述】:

我有一个 ASP.net 核心 IdentityServer4 项目,配置如下:

Startup.cs:

    public class Startup
    {
        // This method gets called by the runtime. Use this method to add services to the container.
        // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddIdentityServer()
                .AddDeveloperSigningCredential()
                .AddInMemoryIdentityResources(InMemoryConfiguration.IdentityResources())
                .AddTestUsers(InMemoryConfiguration.TestUsers().ToList())
                .AddInMemoryClients(InMemoryConfiguration.Clients())
                .AddInMemoryApiResources(InMemoryConfiguration.ApiResources());
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            app.UseIdentityServer();
        }
    }

InMemoryConfiguration.cs:

 public class InMemoryConfiguration
    {
        public static IEnumerable<ApiResource> ApiResources()
        {
            return new[]
            {
                new ApiResource("main", "main")
                {
                    UserClaims = new List<string>{ClaimTypes.Email}
                }, 
            };
        }

        public static IEnumerable<IdentityResource> IdentityResources()
        {
            return new IdentityResource[]
            {
                new IdentityResources.OpenId(),
                new IdentityResources.Profile(),
                new IdentityResources.Email(),
            };
        }

        public static IEnumerable<Client> Clients()
        {
            return new[]
            {
                new Client
                {
                    ClientId = "mainclient",
                    ClientSecrets = new[] {new Secret("secret".Sha256())},
                    AllowedGrantTypes = GrantTypes.ResourceOwnerPasswordAndClientCredentials,
                    AllowedScopes = new[]
                    {
                        "main",
                        // IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        // IdentityServerConstants.StandardScopes.Email
                        IdentityServerConstants.StandardScopes.OfflineAccess
                    },
                    AllowOfflineAccess = true,
                    RefreshTokenUsage = TokenUsage.OneTimeOnly,
                    RefreshTokenExpiration = TokenExpiration.Sliding,
                },
                new Client
                {
                    ClientId = "apiclient",
                    ClientSecrets = new[] {new Secret("secret".Sha256())},
                    AllowedGrantTypes = GrantTypes.ResourceOwnerPasswordAndClientCredentials,
                    AllowedScopes = new[] {"main",IdentityServerConstants.StandardScopes.OfflineAccess},
                }
            };
        }

        public static IEnumerable<TestUser> TestUsers()
        {
            return new[]
            {
                new TestUser
                {
                    SubjectId = "1",
                    Username = "jvanhoye@hotmail.com",
                    Password = "pass",
                    Claims = new List<Claim>{new Claim(ClaimTypes.Email,"jvanhoye@hotmail.com55")}
                }
            };
        }
    }

然后我使用 Postman 获取访问令牌: Postman screen A

但是当我尝试使用来自先前请求的刷新令牌刷新它时,我得到“Invalid_grant”: Postman screen B

有谁知道我做错了什么?

【问题讨论】:

  • 您是否尝试查看身份服务器的日志是否有更多信息?

标签: c# asp.net-core asp.net-identity postman identityserver4


【解决方案1】:

查看 IdentityServer4 的源代码时,有一些集成测试会测试 invalid_grant 返回代码。

在这两种情况下,此消息都会在

的情况下返回
  1. 提供的密码无效
  2. 用户被锁定
  3. 不允许该用户。

验证在类内:

public class ResourceOwnerPasswordValidator<TUser> : IResourceOwnerPasswordValidator

在IdentityServer的日志文件中也可以找到一些信息,它使用Serilog库,可以在program.cs的identityserver的Main方法中开启日志记录:

Log.Logger = new LoggerConfiguration()
    .MinimumLevel.Debug()
    .MinimumLevel.Override("Microsoft", LogEventLevel.Warning)
    .MinimumLevel.Override("System", LogEventLevel.Warning)
    .MinimumLevel.Override("Microsoft.AspNetCore.Authentication", LogEventLevel.Information)
    .Enrich.FromLogContext()
    .WriteTo.File("logs\\some-file-name.txt")
    .CreateLogger();

BuildWebHost(args).Run();

【讨论】:

  • 错误被锁定时如何添加自定义error_description?
猜你喜欢
  • 1970-01-01
  • 2021-09-11
  • 2021-11-07
  • 1970-01-01
  • 2020-12-09
  • 1970-01-01
  • 1970-01-01
  • 2020-09-12
  • 2017-03-06
相关资源
最近更新 更多
热门标签
Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode