一切似乎都很正常,但无法正常工作,它返回“ Invalid_Client”-(400-错误的请求)。双方都这么简单;
身份服务器代码:
new Client
{
ClientId = "js",
ClientSecrets = {
new Secret("secret".Sha256())
},
AllowedGrantTypes = GrantTypes.ClientCredentials,
RequireClientSecret = false,
AllowedScopes =
{
"api1"
}
}
Javascript客户端代码:
axios.post('http://localhost:5000/connect/token',request, {
headers: {
'client_id' : 'js',
'client_secret' : 'secret',
'grant_type': 'client_credentials',
'scope' : 'api1'
}});
参数应在请求正文而不是请求标头中传递,您可以将客户端脚本修改为:
const params = new URLSearchParams();
params.append('client_id', 'js');
params.append('client_secret', 'secret');
params.append('grant_type', 'client_credentials');
params.append('scope', 'api1');
axios.post('http://localhost:5000/connect/token', params, {
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
}
}).then(function (response) {
console.log(response.data);
});
并且还配置CORS是在客户端配置上使用AllowedCorsOrigins集合:
new Client
{
ClientId = "js",
ClientSecrets = {
new Secret("secret".Sha256())
},
AllowedCorsOrigins= new List<string>() { "http://localhost:5002" },
AllowedGrantTypes = GrantTypes.ClientCredentials,
RequireClientSecret = false,
AllowedScopes =
{
"api1"
}
},