这是我的 mvc 连接身份服务器的初始设置。
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
AuthenticationType = "oidc",
SignInAsAuthenticationType = "Cookies",
Authority = "http://identity.azurewebsites.net",
RedirectUri = "http://localhost:62419/signin-oidc",
PostLogoutRedirectUri = "http://localhost:62419/signout-callback-oidc",
ClientId = "mvc",
ResponseType = "id_token",
Scope = "openid profile",
UseTokenLifetime = false,
RequireHttpsMetadata = false,
Notifications = new OpenIdConnectAuthenticationNotifications
{
SecurityTokenValidated = (context) =>
{
var identity = context.AuthenticationTicket.Identity;
var name = identity.Claims.FirstOrDefault(c => c.Type == identity.NameClaimType)?.Value;
return Task.FromResult(0);
}
}
});
我可以访问身份服务器。我收到一条消息
抱歉,出现错误:unauthorized_client 无效的redirect_uri
我已将redirectUri 添加到与上面显示的代码匹配的ClientRedirectUris 表中。还有其他区域我忘记添加或设置吗?
您必须确保重定向 url 与 IdentityServer 中客户端配置中的重定向 url 匹配。例如
new Client
{
ClientId = "mvc",
ClientName = "MVC Client",
AllowedGrantTypes = GrantTypes.Implicit,
// where to redirect to after login
RedirectUris = { "http://localhost:62419/signin-oidc" },
// where to redirect to after logout
PostLogoutRedirectUris = { "http://localhost:62419/signout-callback-oidc" },
AllowedScopes = new List<string>
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile
}
}
确保
RedirectUris此外,请确保您的范围与客户端配置中的 AlowedScopes 匹配。如果我们能够看到请求 URL,将会有所帮助。即
https://identity.azurewebsites.net/connect/authorize?
client_id=mvc
&redirect_uri=http://localhost:62419/signin-oidc
&response_type=id_token
&scope=openid profile
&nonce=63653346343504
&state=CfDJAJDR
&response_mode=form_post
聚会迟到了,但我会加我的两分钱:
通常,
unauthorized_client这可以是任何客户端设置:
Client Id
Client Secret (if used)
PKCE (if used)
Return Url
Scopes (not matching)
Grant Type (not allowed)
这不是详尽的列表,可能还有其他属性会导致客户端被拒绝。
如果您收到此错误,请确保客户端和身份服务器端的设置匹配,很可能存在一些配置不一致。