使用IdentityServer4,更新了.net core 3的代码后,我收到一个unauthorized_client错误。
我的客户端在IdentityServer中的设置如下:
new Client
{
ClientId = "testclient",
ClientName = "My Test Client",
RequireConsent = false,
AllowedGrantTypes = GrantTypes.Implicit,
ClientSecrets = { new Secret("secret".Sha256()) },
RedirectUris = { "https://localhost:50691/signin-oidc" },
PostLogoutRedirectUris = { "https://localhost:50691/signout-callback-oidc" },
AllowedScopes = new List<string>
{
IdentityServerConstants.StandardScopes.OpenId, // identity resource
"testscope" // api resource
}
},
我正在尝试在客户端应用程序中使用以下代码来检索访问令牌:
public async Task<TokenResponse> GetAccessTokenAsync(string IdentityServerBaseAddress, string IdentityServerClientId)
{
var client = new HttpClient();
var disco = await client.GetDiscoveryDocumentAsync(IdentityServerBaseAddress);
if (disco.IsError)
{
Console.WriteLine($"Disco error: {disco.Error}");
return null;
}
Console.WriteLine($"Token endpoint: {disco.TokenEndpoint}");
Console.WriteLine();
// TODO: Get secret from Azure Key Vault
// request token
var tokenResponse = await client.RequestClientCredentialsTokenAsync(new ClientCredentialsTokenRequest
{
Address = disco.TokenEndpoint, // "https://localhost:5000/connect/token"
ClientId = "testclient", // valid clientid
ClientSecret = "secret",
Scope = "testscope"
});
if (tokenResponse.IsError)
{
Console.WriteLine(tokenResponse.Error);
return null;
}
return tokenResponse;
}
tokenResponse.IsError返回true(因此该方法返回null),并且Error设置为“ unauthorized_client”。我将此代码基于http://docs.identityserver.io/en/latest/quickstarts/1_client_credentials.html?highlight=requestclientcredentialstokenasync上的文档。我的clientid有效,并且IdentityServer在登录此客户端时正在验证用户。我敢肯定,这个问题很简单,只是我没有看到?任何帮助将不胜感激。
由于您使用的是clientId和ClientSecret,所以我认为您需要更改客户端配置以使用GrantTypes.ClientCredentials,而不是GrantTypes.Implicit。
更改:
AllowedGrantTypes = GrantTypes.Implicit,
收件人
AllowedGrantTypes = GrantTypes.ClientCredentials,