IdentityServer4：如何用 Postman 测试授权码（Authorization Code）+ PKCE 流程


我刚开始使用 IdentityServer4，最初是通过资源所有者密码（Resource Owner Password）流程完成的，但该流程已不再被推荐（推荐的是带 PKCE 的授权码流程），所以我决定改用后者。改完之后出现了下面的错误信息，原因很明显：客户端已经不再允许 GrantTypes.ResourceOwnerPassword，而我仍然在发送 grant_type=password 的请求。

fail: IdentityServer4.Validation.TokenRequestValidator[0]
      Client not authorized for resource owner flow, check the AllowedGrantTypes setting{ client_id = trusted }, details: {
        "ClientId": "trusted",
        "ClientName": "Dayum Client",
        "GrantType": "password",
        "Raw": {
          "grant_type": "password",
          "username": "Admin",
          "password": "***REDACTED***",
          "scope": "openid profile offline_access api1",
          "client_id": "trusted"
        }
      }

因为我对这方面还不熟悉，能找到的资料也不多，所以想问：现在应该怎么用 Postman 来测试？以前使用资源所有者密码流程时，我是这样请求的（表单编码的 POST）：

POST http://localhost:58508/connect/token
grant_type = password
username=Admin
password=123456
scope=openid profile offline_access api1
client_id=trusted

我知道改用授权码 + PKCE 之后不能再这样直接向令牌端点发送用户名和密码了。那么应该如何请求访问令牌和刷新令牌，又该如何用 Postman 来测试？

相关代码：

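/// <summary>
/// In-memory seed data for IdentityServer4: identity resources, API resources and the
/// single public client "trusted". Startup.Configure copies these rows into the EF
/// configuration store only while the corresponding tables are empty, so later edits
/// to this class are not picked up until those rows are removed.
/// </summary>
public static class Config
{
    /// <summary>OpenID Connect identity scopes this server can issue claims for.</summary>
    public static IEnumerable<IdentityResource> GetResources() =>
        new List<IdentityResource>
        {
            new IdentityResources.OpenId(),
            new IdentityResources.Profile()
        };

    /// <summary>API resources; "api1" is the only protected API and doubles as the scope name used by the client below.</summary>
    public static IEnumerable<ApiResource> GetApis() =>
        new List<ApiResource>
        {
            new ApiResource("api1", "My API")
        };

    /// <summary>
    /// Clients allowed to request tokens. "trusted" is a public client using the
    /// authorization-code flow with PKCE and no client secret, which is exactly what
    /// Postman's "Authorization Code (With PKCE)" grant type exercises.
    /// </summary>
    public static IEnumerable<Client> GetClients() =>
        new List<Client>
        {
            new Client
            {
                ClientId = "trusted",
                ClientName = "Dayum Client",
                // Public client: no secret is configured and none is required; the PKCE
                // code verifier below is what binds the token request to the code request.
                //ClientSecrets = { new Secret("xxxxxxxxxxxxxxxxxxxxxxx".Sha256()) },

                RequireConsent = false,
                RequireClientSecret = false,
                // Code flow only (response_type=code). A grant_type=password request is
                // rejected, which is the "Client not authorized for resource owner flow"
                // failure shown in the log above.
                AllowedGrantTypes = GrantTypes.Code,
                RequirePkce = true,

                // In the code flow tokens are only ever returned from the back-channel
                // token endpoint, so front-channel (implicit-style) delivery is not needed.
                // Leaving this at its secure default (false) keeps access tokens out of the
                // browser URL/history should the allowed response types ever be widened.
                AllowAccessTokensViaBrowser = false,
                // Must match the Callback URL entered in Postman byte-for-byte. Plain http
                // on the same host as the server is only acceptable for local development.
                RedirectUris = { "http://localhost:58508" },
                PostLogoutRedirectUris = { "http://localhost:58508" },

                AllowedScopes =
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile,
                    // offline_access has to be present in the requested scope parameter
                    // for a refresh token to be issued alongside the access token.
                    IdentityServerConstants.StandardScopes.OfflineAccess,
                    "api1"
                },

                AccessTokenType = AccessTokenType.Jwt,
                AccessTokenLifetime = 900, // 15 minutes

                // Refresh tokens are single-use (a replacement is handed out on each
                // refresh) and expire 30 minutes after first issuance regardless of use.
                AllowOfflineAccess = true,
                RefreshTokenExpiration = TokenExpiration.Absolute,
                RefreshTokenUsage = TokenUsage.OneTimeOnly,
                AbsoluteRefreshTokenLifetime = 1800
            }
        };
}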

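/// <summary>
/// ASP.NET Core 3.1 host wiring for the IdentityServer4 instance: ASP.NET Identity users
/// stored in SQL Server, IdentityServer's configuration and operational stores in the
/// same database, and a one-off seed of <see cref="Config"/> data on first start.
/// </summary>
public class Startup
{
    public IWebHostEnvironment Environment { get; }
    public IConfiguration Configuration { get; }

    public Startup(IWebHostEnvironment environment, IConfiguration configuration)
    {
        Environment = environment;
        Configuration = configuration;
    }

    /// <summary>Registers MVC, EF Core, ASP.NET Identity and IdentityServer4 services.</summary>
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllersWithViews();

        // A single connection string and migrations assembly serve the application
        // DbContext and both IdentityServer stores.
        var connectionString = Configuration["ConnectionStrings:DayumConnection"];
        var migrationsAssembly = typeof(ApplicationDbContext).Assembly.FullName;

        services.AddDbContext<ApplicationDbContext>(options =>
            options.UseSqlServer(connectionString,
                optionsBuilder => optionsBuilder.MigrationsAssembly(migrationsAssembly)));

        services.AddIdentity<ApplicationUser, IdentityRole>(options =>
        {
            // NOTE(review): every complexity rule is switched off and only a 6-character
            // minimum remains, so a password like "123456" is accepted. Tolerable for a
            // local sandbox; restore the framework defaults (or stricter) before any
            // shared deployment.
            options.Password.RequireDigit = false;
            options.Password.RequireLowercase = false;
            options.Password.RequireNonAlphanumeric = false;
            options.Password.RequireUppercase = false;
            options.Password.RequiredLength = 6;
        })
            .AddEntityFrameworkStores<ApplicationDbContext>()
            .AddDefaultTokenProviders();

        services.AddIdentityServer(options =>
        {
            // Raise every event category so failures such as "Client not authorized for
            // resource owner flow" show up in the log.
            options.Events.RaiseErrorEvents = true;
            options.Events.RaiseInformationEvents = true;
            options.Events.RaiseFailureEvents = true;
            options.Events.RaiseSuccessEvents = true;
        })
            // Signing key for issued JWTs. Path and PFX password are read from configuration;
            // keep the password out of committed appsettings (user-secrets, environment or a
            // vault) because whoever holds this certificate can mint tokens this server trusts.
            .AddSigningCredential(new X509Certificate2(Configuration["Certificates:Default:Path"], Configuration["Certificates:Default:Password"]))
            .AddConfigurationStore(options =>
            {
                options.ConfigureDbContext = builder => builder.UseSqlServer(connectionString,
                    optionsBuilder => optionsBuilder.MigrationsAssembly(migrationsAssembly));
            })
            .AddOperationalStore(options =>
            {
                options.ConfigureDbContext = builder => builder.UseSqlServer(connectionString,
                    optionsBuilder => optionsBuilder.MigrationsAssembly(migrationsAssembly));

                // Periodically purge expired persisted grants (authorization codes,
                // refresh tokens) from the operational store.
                options.EnableTokenCleanup = true;
            })
            .AddProfileService<ProfileService>()
            .AddAspNetIdentity<ApplicationUser>();
    }

    /// <summary>
    /// Applies pending migrations and seeds the configuration store on first run, then
    /// builds the middleware pipeline.
    /// </summary>
    public void Configure(IApplicationBuilder app)
    {
        MigrateAndSeed(app);

        if (Environment.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }

        // NOTE(review): no UseHttpsRedirection()/UseHsts() is configured and the seeded
        // redirect URI is plain http. That is fine on localhost, but authorization codes
        // and tokens must travel over TLS only anywhere else.
        app.UseRouting();

        // Exposes the IdentityServer endpoints (/connect/...) and, per the IdentityServer4
        // docs, also registers the authentication middleware.
        app.UseIdentityServer();

        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllerRoute(
                name: "MyArea",
                pattern: "{area:exists}/{controller=Home}/{action=Index}/{id?}");

            endpoints.MapControllerRoute(
                name: "default",
                pattern: "{controller=Home}/{action=Index}/{id?}");
        });
    }

    /// <summary>
    /// Runs EF migrations for the operational and configuration stores and copies the
    /// in-memory <see cref="Config"/> data into the configuration store, but only for
    /// tables that are still empty (edits to Config are therefore not re-applied).
    /// </summary>
    private static void MigrateAndSeed(IApplicationBuilder app)
    {
        // GetRequiredService fails with a descriptive exception rather than a
        // NullReferenceException should the scope factory ever be missing.
        using (var serviceScope = app.ApplicationServices.GetRequiredService<IServiceScopeFactory>().CreateScope())
        {
            serviceScope.ServiceProvider.GetRequiredService<PersistedGrantDbContext>().Database.Migrate();

            var context = serviceScope.ServiceProvider.GetRequiredService<ConfigurationDbContext>();
            context.Database.Migrate();

            if (!context.Clients.Any())
            {
                foreach (var client in Config.GetClients())
                {
                    context.Clients.Add(client.ToEntity());
                }
                context.SaveChanges();
            }

            if (!context.IdentityResources.Any())
            {
                foreach (var resource in Config.GetResources())
                {
                    context.IdentityResources.Add(resource.ToEntity());
                }
                context.SaveChanges();
            }

            if (!context.ApiResources.Any())
            {
                foreach (var resource in Config.GetApis())
                {
                    context.ApiResources.Add(resource.ToEntity());
                }
                context.SaveChanges();
            }
        }
    }
}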

首先，Postman 从 v7.23.0 起才在 OAuth 2.0 授权中支持 PKCE，请先把 Postman 更新到该版本或更高版本。

然后在请求的 Authorization 选项卡中，把 Type 设为 OAuth 2.0，点击 Get New Access Token，将 Grant Type 选为 Authorization Code (With PKCE)，并按下图填写端点和客户端信息。


其中 Auth URL 和 Access Token URL 分别填写 IdentityServer4 的授权端点和令牌端点（令牌端点就是你之前使用的 http://localhost:58508/connect/token，授权端点默认为同一主机下的 /connect/authorize）。Callback URL 填写客户端应用的重定向地址，它必须与客户端配置中的 RedirectUris（http://localhost:58508）完全一致。Client ID 填 trusted；由于该客户端 RequireClientSecret = false，Client Secret 留空即可；Code Challenge Method 选 SHA-256；Scope 填 openid profile offline_access api1——其中 offline_access 是拿到刷新令牌的前提，而按你的配置刷新令牌是一次性使用、且从签发起最多 30 分钟有效。另外我注意到你的代码中 IdentityServer 和客户端使用了相同的主机地址（http://localhost:58508），请根据实际部署情况修改，并且在本机之外务必改用 https。
