当我尝试刷新访问令牌时,ASP.net核心IdentityServer4响应并带有invalid_grant

问题描述 投票:0回答:1

我有一个具有以下配置的ASP.net核心IdentityServer4项目:

Startup.cs:

    public class Startup
    {
        // This method gets called by the runtime. Use this method to add services to the container.
        // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddIdentityServer()
                .AddDeveloperSigningCredential()
                .AddInMemoryIdentityResources(InMemoryConfiguration.IdentityResources())
                .AddTestUsers(InMemoryConfiguration.TestUsers().ToList())
                .AddInMemoryClients(InMemoryConfiguration.Clients())
                .AddInMemoryApiResources(InMemoryConfiguration.ApiResources());
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            app.UseIdentityServer();
        }
    }

InMemoryConfiguration.cs:

 public class InMemoryConfiguration
    {
        public static IEnumerable<ApiResource> ApiResources()
        {
            return new[]
            {
                new ApiResource("main", "main")
                {
                    UserClaims = new List<string>{ClaimTypes.Email}
                }, 
            };
        }

        public static IEnumerable<IdentityResource> IdentityResources()
        {
            return new IdentityResource[]
            {
                new IdentityResources.OpenId(),
                new IdentityResources.Profile(),
                new IdentityResources.Email(),
            };
        }

        public static IEnumerable<Client> Clients()
        {
            return new[]
            {
                new Client
                {
                    ClientId = "mainclient",
                    ClientSecrets = new[] {new Secret("secret".Sha256())},
                    AllowedGrantTypes = GrantTypes.ResourceOwnerPasswordAndClientCredentials,
                    AllowedScopes = new[]
                    {
                        "main",
                        // IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        // IdentityServerConstants.StandardScopes.Email
                        IdentityServerConstants.StandardScopes.OfflineAccess
                    },
                    AllowOfflineAccess = true,
                    RefreshTokenUsage = TokenUsage.OneTimeOnly,
                    RefreshTokenExpiration = TokenExpiration.Sliding,
                },
                new Client
                {
                    ClientId = "apiclient",
                    ClientSecrets = new[] {new Secret("secret".Sha256())},
                    AllowedGrantTypes = GrantTypes.ResourceOwnerPasswordAndClientCredentials,
                    AllowedScopes = new[] {"main",IdentityServerConstants.StandardScopes.OfflineAccess},
                }
            };
        }

        public static IEnumerable<TestUser> TestUsers()
        {
            return new[]
            {
                new TestUser
                {
                    SubjectId = "1",
                    Username = "[email protected]",
                    Password = "pass",
                    Claims = new List<Claim>{new Claim(ClaimTypes.Email,"[email protected]")}
                }
            };
        }
    }

然后,我使用邮差来获取访问令牌:Postman screen A

但是当我尝试使用上一个请求中的刷新令牌刷新它时,我得到'Invalid_grant':Postman screen B

知道我在做什么的人吗?

c# asp.net-core asp.net-identity postman identityserver4
1个回答
0
投票

查看IdentityServer4的源代码时,有一些集成测试可以测试invalid_grant返回代码。

在这两种情况下,如果在PasswordTokenRequest请求中提供了无效的密码,都会返回此消息。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.