我有一个具有以下配置的ASP.net核心IdentityServer4项目:
Startup.cs:
public class Startup
{
// This method gets called by the runtime. Use this method to add services to the container.
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
public void ConfigureServices(IServiceCollection services)
{
services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryIdentityResources(InMemoryConfiguration.IdentityResources())
.AddTestUsers(InMemoryConfiguration.TestUsers().ToList())
.AddInMemoryClients(InMemoryConfiguration.Clients())
.AddInMemoryApiResources(InMemoryConfiguration.ApiResources());
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseIdentityServer();
}
}
InMemoryConfiguration.cs:
public class InMemoryConfiguration
{
public static IEnumerable<ApiResource> ApiResources()
{
return new[]
{
new ApiResource("main", "main")
{
UserClaims = new List<string>{ClaimTypes.Email}
},
};
}
public static IEnumerable<IdentityResource> IdentityResources()
{
return new IdentityResource[]
{
new IdentityResources.OpenId(),
new IdentityResources.Profile(),
new IdentityResources.Email(),
};
}
public static IEnumerable<Client> Clients()
{
return new[]
{
new Client
{
ClientId = "mainclient",
ClientSecrets = new[] {new Secret("secret".Sha256())},
AllowedGrantTypes = GrantTypes.ResourceOwnerPasswordAndClientCredentials,
AllowedScopes = new[]
{
"main",
// IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
// IdentityServerConstants.StandardScopes.Email
IdentityServerConstants.StandardScopes.OfflineAccess
},
AllowOfflineAccess = true,
RefreshTokenUsage = TokenUsage.OneTimeOnly,
RefreshTokenExpiration = TokenExpiration.Sliding,
},
new Client
{
ClientId = "apiclient",
ClientSecrets = new[] {new Secret("secret".Sha256())},
AllowedGrantTypes = GrantTypes.ResourceOwnerPasswordAndClientCredentials,
AllowedScopes = new[] {"main",IdentityServerConstants.StandardScopes.OfflineAccess},
}
};
}
public static IEnumerable<TestUser> TestUsers()
{
return new[]
{
new TestUser
{
SubjectId = "1",
Username = "[email protected]",
Password = "pass",
Claims = new List<Claim>{new Claim(ClaimTypes.Email,"[email protected]")}
}
};
}
}
然后,我使用邮差来获取访问令牌:Postman screen A
但是当我尝试使用上一个请求中的刷新令牌刷新它时,我得到'Invalid_grant':Postman screen B
知道我在做什么的人吗?
查看IdentityServer4的源代码时,有一些集成测试可以测试invalid_grant
返回代码。
在这两种情况下,如果在PasswordTokenRequest
请求中提供了无效的密码,都会返回此消息。