我目前正在 ASP.NET Core 应用程序中进行 Openiddict 设置,并遇到与自签名证书相关的问题。登录并尝试重定向后,我收到以下错误:
这是我在下一个 js 应用程序中遇到的错误,我在登录并尝试重定向后收到以下错误。
error: {
message: 'self-signed certificate',
stack: 'Error: self-signed certificate\n' +
' at TLSSocket.onConnectSecure (node:_tls_wrap:1659:34)\n' +
' at TLSSocket.emit (node:events:514:28)\n' +
' at TLSSocket._finishInit (node:_tls_wrap:1070:8)\n' +
' at ssl.onhandshakedone (node:_tls_wrap:856:12)\n' +
' at TLSWrap.callbackTrampoline (node:internal/async_hooks:130:17)',
name: 'Error'
},
providerId: 'spa-app',
message: 'self-signed certificate'
Next-Auth 配置:
import type { NextAuthOptions } from "next-auth";
export const options: NextAuthOptions = {
providers: [
{
id: "chirp-spa",
name: "Chirp SPA cient",
type: "oauth",
wellKnown:"https://localhost:7277/.well-known/openid-configuration",
async profile(profile, tokens) {
return {
id: profile.sub,
email: profile.email,
}
},
clientId: process.env.IDENTITY_ID,
clientSecret: process.env.IDENTITY_SECRET,
}
],
}
Openiddict 配置:
services.AddOpenIddict()
.AddCore(options =>
{
options.UseEntityFrameworkCore()
.UseDbContext<ApplicationDbContext>();
})
.AddServer(options =>
{
// Enable the authorization, logout, token and userinfo endpoints.
options.SetAuthorizationEndpointUris("connect/authorize")
.SetLogoutEndpointUris("connect/logout")
.SetTokenEndpointUris("connect/token")
.SetUserinfoEndpointUris("connect/userinfo");
// Mark the "email", "profile" and "roles" scopes as supported scopes.
options.RegisterScopes(Scopes.Email, Scopes.Profile, Scopes.Roles);
// Note: this sample only uses the authorization code flow but you can enable
// the other flows if you need to support implicit, password or client credentials.
// Enable the flows you want to support.
options.AllowAuthorizationCodeFlow()
.AllowImplicitFlow(); // Only enable the implicit flow if you need it.
options.AddDevelopmentEncryptionCertificate()
.AddDevelopmentSigningCertificate();
// Enable the redirection endpoint.
options.UseAspNetCore()
.EnableAuthorizationEndpointPassthrough()
.EnableTokenEndpointPassthrough()
.EnableUserinfoEndpointPassthrough();
})
.AddValidation(options =>
{
options.UseLocalServer();
// Register the ASP.NET Core host.
options.UseAspNetCore();
});
我不确定这个问题的解决方案是什么。该问题似乎可能是由于开发人员签署了证书造成的。有人可以帮助我了解可能导致此问题的原因以及如何解决它吗?
您的问题与 OpenIddict 或其签名/加密凭证配置(仅用于保护令牌)无关。这是一个典型的 HTTPS/TLS 问题:您的客户端根本不信任您用于 ASP.NET Core 应用程序的自签名证书。