我有两个项目:第一个项目 IdentityServer 充当用户身份验证和授权的服务器;第二个项目充当客户端,用于访问资源。如果客户端未通过身份验证,它将重定向到第一个项目的身份验证 URI。
错误如下:
error: invalid_request error_description: 指定的“redirect_uri”对此客户端应用程序无效。 error_uri: https://documentation.openiddict.com/errors/ID2043
示例位于此网址 https://dev.to/isaacojeda/aspnet-core-authentication-server-with-openid-connect-59kh
第一个项目的文件program.cs。
using System;
using IdentityOpenID.Data;
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;
using OpenIddict.Abstractions;
var builder = WebApplication.CreateBuilder(args);

// One EF Core context backs both ASP.NET Core Identity and the OpenIddict stores.
var connectionString = builder.Configuration.GetConnectionString("DefaultConnection");
builder.Services.AddDbContext<ApplicationDbContext>(options =>
{
    options.UseSqlServer(connectionString);
    // Adds the OpenIddict entity sets (applications, authorizations, tokens, scopes) to this context.
    options.UseOpenIddict();
});

// OpenIddict core + server setup lives in the local function below.
ConfigureFlowOpenID(builder);

builder.Services
    .AddDefaultIdentity<IdentityUser>(options => options.SignIn.RequireConfirmedAccount = true)
    .AddEntityFrameworkStores<ApplicationDbContext>();
builder.Services.AddRazorPages();
builder.Services.AddControllers();
builder.Services.AddDatabaseDeveloperPageExceptionFilter();

var app = builder.Build();

var isDevelopment = app.Environment.IsDevelopment();
if (isDevelopment)
{
    app.UseMigrationsEndPoint();
}
else
{
    app.UseExceptionHandler("/Error");
    app.UseHsts();
}

app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.MapRazorPages();
app.MapControllers();

// The client registration must exist before the first authorize request arrives.
await SeedDefaultClients();

app.Run();
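// Configures the OpenIddict core stores (EF Core) and the authorization server:
// enabled flows, endpoint paths, key material, registrable scopes and ASP.NET Core passthrough.
//
// NOTE: AddEphemeralEncryptionKey/AddEphemeralSigningKey and DisableAccessTokenEncryption are
// development settings. Ephemeral keys are regenerated on every process start (previously issued
// tokens stop validating) and are not shared between instances; production should use persisted
// certificates and leave access-token encryption enabled.
void ConfigureFlowOpenID(WebApplicationBuilder builder)
{
    builder.Services.AddOpenIddict()
        .AddCore(options =>
        {
            options.UseEntityFrameworkCore()
                   .UseDbContext<ApplicationDbContext>();
        })
        .AddServer(options =>
        {
            // Flows the server accepts. A client can only use a flow if it is also granted the
            // matching GrantTypes.* permission in its registration (see SeedDefaultClients).
            options.AllowClientCredentialsFlow()
                   .AllowAuthorizationCodeFlow()
                   .RequireProofKeyForCodeExchange()
                   .AllowRefreshTokenFlow();

            // Endpoint paths advertised in the discovery document. The userinfo path previously
            // contained a stray space ("/connect /userinfo"), which would most likely break the
            // client's GetClaimsFromUserInfoEndpoint call; the statement was also terminated
            // before the key-material chain, which did not compile.
            options.SetTokenEndpointUris("/connect/token")
                   .SetAuthorizationEndpointUris("/connect/authorize")
                   .SetUserinfoEndpointUris("/connect/userinfo");

            // Development-only key material; see the note above.
            options.AddEphemeralEncryptionKey()
                   .AddEphemeralSigningKey()
                   .DisableAccessTokenEncryption();

            // Scopes clients may request ("api" and "profile" are what the client asks for).
            options.RegisterScopes("api", "profile");

            // Hand the validated requests over to the application's own controllers.
            options.UseAspNetCore()
                   .EnableTokenEndpointPassthrough()
                   .EnableAuthorizationEndpointPassthrough()
                   .EnableUserinfoEndpointPassthrough();
        });
}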
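// Seeds (or refreshes) the registration of the client web app (the second project).
//
// The registered RedirectUris must match the redirect_uri the client sends exactly — scheme, host,
// port and path, i.e. "https://<client host>:<client port>" + the client's CallbackPath
// ("/signin-oidc"). Any difference (for example the client running on a port other than 7006)
// is reported by OpenIddict as error ID2043 ("the specified 'redirect_uri' is invalid").
//
// NOTE: the client secret is hard-coded here and in the client project; it should come from
// configuration / user secrets rather than source.
async Task SeedDefaultClients()
{
    using var scope = app.Services.CreateScope();
    var context = scope.ServiceProvider.GetRequiredService<ApplicationDbContext>();
    var manager = scope.ServiceProvider.GetRequiredService<IOpenIddictApplicationManager>();

    await context.Database.EnsureCreatedAsync();

    var descriptor = new OpenIddictApplicationDescriptor
    {
        ClientId = "clientwebapp",
        ClientSecret = "client-web-app-secret",
        DisplayName = "ClientWebApp",
        RedirectUris = { new Uri("https://localhost:7006/signin-oidc") },
        Permissions =
        {
            OpenIddictConstants.Permissions.Endpoints.Authorization,
            // Was written as "Constants.Permissions.Endpoints.Token", which does not resolve
            // with the usings in this file.
            OpenIddictConstants.Permissions.Endpoints.Token,
            OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode,
            OpenIddictConstants.Permissions.GrantTypes.ClientCredentials,
            OpenIddictConstants.Permissions.GrantTypes.RefreshToken,
            OpenIddictConstants.Permissions.ResponseTypes.Code,
            OpenIddictConstants.Permissions.Prefixes.Scope + "api",
            OpenIddictConstants.Permissions.Prefixes.Scope + "profile",
        },
    };

    var client = await manager.FindByClientIdAsync("clientwebapp");
    if (client is null)
    {
        await manager.CreateAsync(descriptor);
    }
    else
    {
        // Previously an existing row was left untouched, so a registration seeded by an earlier
        // run kept its old redirect URIs and permissions no matter what this code now says.
        await manager.UpdateAsync(client, descriptor);
    }
}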
这是第二个项目的program.cs文件。
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
var builder = WebApplication.CreateBuilder(args);

// Add services to the container.
builder.Services.AddRazorPages();

// The local session is a cookie; an unauthenticated request is challenged through the "oidc"
// scheme, i.e. redirected to the authorization server from the first project.
var authentication = builder.Services.AddAuthentication(options =>
{
    options.DefaultScheme = "Cookies";
    options.DefaultChallengeScheme = "oidc";
});

authentication.AddCookie("Cookies", options =>
{
    options.Cookie.Name = ".ClientWebAppAuth";
});

authentication.AddOpenIdConnect("oidc", options =>
{
    // Scheme, host and port the authorization server listens on (used for discovery).
    options.Authority = "https://localhost:7281";
    options.ClientId = "clientwebapp";
    // NOTE: hard-coded secret; it should be loaded from configuration / user secrets.
    options.ClientSecret = "client-web-app-secret";
    options.ResponseType = OpenIdConnectResponseType.Code;

    // The redirect_uri sent to the server is this app's own scheme://host:port followed by
    // CallbackPath; the server-side client registration must contain exactly that value.
    options.CallbackPath = "/signin-oidc";

    options.Scope.Add("api");
    options.Scope.Add("openid");
    options.Scope.Add("profile");

    options.SaveTokens = true;
    // Fetches additional claims from the server's userinfo endpoint after sign-in.
    options.GetClaimsFromUserInfoEndpoint = true;
    options.TokenValidationParameters.NameClaimType = "name";
});

var app = builder.Build();

// Configure the HTTP request pipeline.
if (!app.Environment.IsDevelopment())
{
    app.UseExceptionHandler("/Error");
    // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
    app.UseHsts();
}

app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();

// Every Razor Page requires an authenticated user, which is what triggers the OIDC challenge.
app.MapRazorPages().RequireAuthorization();

app.Run();
注意: 在第二个项目的program.cs文件中,我添加了GitHub上提到的CallbackPath属性,但没有成功。
请向您的身份验证服务器提供原始请求(第一个项目)。