我在 .net 8 webapi 中使用多个身份验证(Cookie、OIDC、JWT)。当我仅添加对 Microsoft.IdentityModel.JsonWebTokens 的引用时,我收到以下错误。
错误
无法重定向到授权端点,配置可能 缺失或无效。
WebApi.csproj
<Project Sdk="Microsoft.NET.Sdk.Web">
<PropertyGroup>
<TargetFramework>net8.0</TargetFramework>
<Nullable>enable</Nullable>
<ImplicitUsings>enable</ImplicitUsings>
<InvariantGlobalization>false</InvariantGlobalization>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="IdentityModel" Version="6.2.0" />
<PackageReference Include="AspNetCore.HealthChecks.UI.Client" Version="8.0.0" />
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.3" />
<PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="8.0.3" />
<PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="8.0.3" />
<PackageReference Include="Hangfire.AspNetCore" Version="1.8.11" />
<PackageReference Include="Hangfire.Core" Version="1.8.11" />
<PackageReference Include="Hangfire.SqlServer" Version="1.8.11" />
<PackageReference Include="Microsoft.EntityFrameworkCore" Version="8.0.3" />
<PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="8.0.3" />
<PackageReference Include="Serilog" Version="3.1.1" />
<PackageReference Include="Serilog.AspNetCore" Version="8.0.1" />
<PackageReference Include="Serilog.Extensions.Logging" Version="8.0.0" />
<PackageReference Include="Serilog.Formatting.Compact" Version="2.0.0" />
<PackageReference Include="Serilog.Settings.Configuration" Version="8.0.0" />
<PackageReference Include="Serilog.Sinks.Console" Version="5.0.1" />
<PackageReference Include="Serilog.Sinks.File" Version="5.0.0" />
<PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
<PackageReference Include="Microsoft.Data.SqlClient" Version="5.2.0" />
<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.5.0" />
</ItemGroup>
</Project>
认证配置
services.AddAuthentication(sharedOptions =>
{
//sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
//sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddJwtBearer(JwtBearerDefaults.AuthenticationScheme)
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
var oidc = new OidcOptions();
configuration.GetSection(OidcOptions.Key).Bind(oidc);
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.Scope.Clear();
oidc.Scopes.ForEach(options.Scope.Add);
options.Authority = oidc.Authority;
options.ClientId = oidc.ClientId;
options.ClientSecret = oidc.ClientSecret;
options.ResponseType = OpenIdConnectResponseType.Code;
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
options.Events = new OpenIdConnectEvents
{
OnRedirectToIdentityProvider = async context =>
{
var authEndpoint = context.ProtocolMessage.IssuerAddress;
// Debug or log the authEndpoint here to inspect its value
await Task.CompletedTask;
}
};
});
由于某种原因,中间件中未设置发行者 URL。但只有当我添加 Jwt 依赖项时。
问题在于 Microsoft.AspNetCore.Authentication.OpenIdConnect 8.0.3 引用了 Microsoft.IdentityModel.Protocols.OpenIdConnect 7.1.2。这引用了 Microsoft.IdentityModel.JsonWebTokens 版本 7.1.2。
解决方法是直接添加对 Microsoft.IdentityModel.Protocols.OpenIdConnect 7.5.0 的引用。现在我可以使用 Microsoft.IdentityModel.JsonWebTokens 7.5.0 包。
Github 问题: