ASP.NET Core 上的 Identity Server 中的自签名证书错误

问题描述 投票:0回答:1

我目前正在 ASP.NET Core 应用程序中进行 Openiddict 设置,并遇到与自签名证书相关的问题。登录并尝试重定向后,我收到以下错误:

这是我在下一个 js 应用程序中遇到的错误,我在登录并尝试重定向后收到以下错误。

error: {
  message: 'self-signed certificate',
  stack: 'Error: self-signed certificate\n' +
    '    at TLSSocket.onConnectSecure (node:_tls_wrap:1659:34)\n' +
    '    at TLSSocket.emit (node:events:514:28)\n' +
    '    at TLSSocket._finishInit (node:_tls_wrap:1070:8)\n' +
    '    at ssl.onhandshakedone (node:_tls_wrap:856:12)\n' +
    '    at TLSWrap.callbackTrampoline (node:internal/async_hooks:130:17)',
  name: 'Error'
},
providerId: 'spa-app',
message: 'self-signed certificate'

Next-Auth 配置:

import type { NextAuthOptions } from "next-auth";

export const options: NextAuthOptions = {
    providers: [
        {
            id: "chirp-spa",
            name: "Chirp SPA cient",
            type: "oauth",
            wellKnown:"https://localhost:7277/.well-known/openid-configuration",
            async profile(profile, tokens) {
                return {
                    id: profile.sub,
                    email: profile.email,
                }
            },
            clientId: process.env.IDENTITY_ID,
            clientSecret: process.env.IDENTITY_SECRET,
        }
    ],
}

Openiddict 配置:

 services.AddOpenIddict()
 .AddCore(options =>
 {
     options.UseEntityFrameworkCore()
            .UseDbContext<ApplicationDbContext>();
 })
 .AddServer(options =>
 {

     // Enable the authorization, logout, token and userinfo endpoints.
     options.SetAuthorizationEndpointUris("connect/authorize")
            .SetLogoutEndpointUris("connect/logout")
            .SetTokenEndpointUris("connect/token")
            .SetUserinfoEndpointUris("connect/userinfo");

     // Mark the "email", "profile" and "roles" scopes as supported scopes.
     options.RegisterScopes(Scopes.Email, Scopes.Profile, Scopes.Roles);

     // Note: this sample only uses the authorization code flow but you can enable
     // the other flows if you need to support implicit, password or client credentials.
     // Enable the flows you want to support.
     options.AllowAuthorizationCodeFlow()
            .AllowImplicitFlow(); // Only enable the implicit flow if you need it.

     options.AddDevelopmentEncryptionCertificate()
             .AddDevelopmentSigningCertificate();

     // Enable the redirection endpoint.
     options.UseAspNetCore()
            .EnableAuthorizationEndpointPassthrough()
            .EnableTokenEndpointPassthrough()
            .EnableUserinfoEndpointPassthrough();
 })
 .AddValidation(options =>
 {
     options.UseLocalServer();

     // Register the ASP.NET Core host.
     options.UseAspNetCore();
 });

我不确定这个问题的解决方案是什么。该问题似乎可能是由于开发人员签署了证书造成的。有人可以帮助我了解可能导致此问题的原因以及如何解决它吗?

.net-core ssl-certificate next-auth openiddict asp.net-core-7.0
1个回答
0
投票

您的问题与 OpenIddict 或其签名/加密凭证配置(仅用于保护令牌)无关。这是一个典型的 HTTPS/TLS 问题:您的客户端根本不信任您用于 ASP.NET Core 应用程序的自签名证书。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.