我有一个客户端集成,我想有服务器和我们的服务器之间的机器对机器的授权。我认为我可以使用authorization_code流动,但它看起来像它需要用户的cookie存在,否则它始终重定向到登录页面。
是否有使用IdentityServer4一台服务器可以要求我提供了一些用户信息,例如方式也许加密的用户标识符,并且我可以用它来返回一个授权码?我已经能够实现一些这与我自己执行AuthorizeInteractionResponseGenerator
的。我重写ProcessLoginAsync()
方法,并推出了新的提示类型,可以说abc
所以当提供提示符下键入是abc
,我拿用户的标识从原始请求并记录用户在生成ClaimsPrincipal
,直到最后我得到的错误:
InvalidOperationException异常:用户目前未被验证
提出堆栈跟踪的东西如下:
System.InvalidOperationException: User is not currently authenticated
at IdentityServer4.Services.DefaultUserSession.<SetClientListPropertyValueAsync>d__26.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at IdentityServer4.Services.DefaultUserSession.<SetClientsAsync>d__25.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at IdentityServer4.Services.DefaultUserSession.<AddClientIdAsync>d__22.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at IdentityServer4.Endpoints.Results.AuthorizeResult.<ProcessResponseAsync>d__12.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at IdentityServer4.Endpoints.Results.AuthorizeResult.<ExecuteAsync>d__10.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at IdentityServer4.Hosting.IdentityServerMiddleware.<Invoke>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at IdentityServer4.Hosting.IdentityServerMiddleware.<Invoke>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.<Invoke>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Cors.Infrastructure.CorsMiddleware.<Invoke>d__8.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at IdentityServer4.Hosting.BaseUrlMiddleware.<Invoke>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware.<Invoke>d__7.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
at Rp.Middleware.IdHashing.IdHashingMiddleware.<Invoke>d__7.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.<Invoke>d__7.MoveNext()
这具有的,因为要求做,对没有争论,但我想你的帮助就在于我怎么能解决上面提到的错误?此外,我是不是做得太多重复工作,而我可以在一些其他的方式来实现这一目标发挥IdentityServer4?
期待你的回复。谢谢!
更新:
所以给大家多一点的情况下,我没有试图做一个单点登录。我做的是,我对建设谁不希望用户知道应用程序是不是从他们的客户端应用程序一个。因此,用户登录到客户端的网站,但页面上的一个,出角的应用程序加载。现在,这个应用程序不依赖于客户端上,它有它在我们的数据库所需要的一切,从客户需要的只是一些事情通过我们,使我们可以登录我们的应用程序客户端用户以及但是没有任何同意或什么让一个感觉,我们的应用程序实际上是客户端应用程序的一部分。我们不能完全依赖于客户端验证要么是因为我有多个客户,每个人都没有AUTH不同。
被优选用于机器对机器通信的流动被称为client credentials
。话虽如此,它看起来像你需要有用户上下文在你的机器到机器的通信方案,所以你也可以在技术上使用resource owner credentials
流。为了做到这一点,你将需要实现IResourceOwnerPasswordValidator
身份服务器4侧。
你踏上任何这些实现之前,请确保您了解使用resource owner credentials
流,因为它通常是令人难以接受的,不推荐使用的安全问题。也似乎你正在寻找用户上下文存在于你的机器到机器的通信方案,以使已恍如设计了红旗。
如果您需要更多的信息,你可以参考,以优良的快速启动样品标识服务器4,您可以检查有上述两种流动可以实现。