我正在尝试将本机移动应用程序(xamarin)连接到Identity Server . 我最初设定流程是隐含的,我被告知它是不正确的 . 因此我改变了它的授权代码流程 .
这是我的客户端定义的样子
new Client
{
ClientId = "Xamarin",
ClientName = "Xamarin Client",
AllowedGrantTypes = GrantTypes.Code,
AllowAccessTokensViaBrowser = true,
RedirectUris = { "http://xx.xx.xx.xx/signin-oidc" },
PostLogoutRedirectUris = { "http://xx.xx.xx.xx/signin-oidc" },
AllowedCorsOrigins = { "http://xx.xx.xx.xx" },
AllowedScopes =
{
StandardScopes.OpenId.Name,
StandardScopes.Profile.Name,
"api1"
},
RequireConsent = false
}
从我的xamarin应用程序,这是我连接到身份服务器的方式 .
void LoginButton_Clicked(object sender, EventArgs e)
{
StartFlow("token", "api1");
}
public void StartFlow(string responseType, string scope)
{
var authorizeRequest =
new AuthorizeRequest("http://xx.xx.xx.xx/connect/authorize");
var dic = new Dictionary<string, string>();
dic.Add("client_id", "Xamarin");
dic.Add("response_type", responseType);
dic.Add("scope", scope);
dic.Add("redirect_uri", "http://xx.xx.xx.xx/signin-oidc");
dic.Add("nonce", Guid.NewGuid().ToString("N"));
_currentCSRFToken = Guid.NewGuid().ToString("N");
dic.Add("state", _currentCSRFToken);
var authorizeUri = authorizeRequest.Create(dic);
webLogin.Source = authorizeUri;
webLogin.IsVisible = true;
}
我在移动应用程序中收到错误“unauthorized_client”,并在我的服务器日志中显示:
fail: IdentityServer4.Validation.AuthorizeRequestValidator[0]
Invalid grant type for client: implicit
{
"ClientId": "Xamarin",
"ClientName": "Xamarin Client",
"RedirectUri": "http://xx.xx.xx.xx/signin-oidc",
"AllowedRedirectUris": [
"http://xx.xx.xx.xx/signin-oidc"
],
"SubjectId": "anonymous",
"ResponseType": "token",
"ResponseMode": "fragment",
"GrantType": "implicit",
"RequestedScopes": "",
"State": "5c53c5e5bbe44c0f8c5d4b401df0938e",
"Raw": {
"client_id": "Xamarin",
"response_type": "token",
"scope": "api1",
"redirect_uri": "http://xx.xx.xx.xx/signin-oidc",
"nonce": "49f21e8873d744bea76f6f00ebae3eb4",
"state": "5c53c5e5bbe44c0f8c5d4b401df0938e"
}
}
fail: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
Request validation failed
info: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
{
"ClientId": "Xamarin",
"ClientName": "Xamarin Client",
"RedirectUri": "http://xx.xx.xx.xx/signin-oidc",
"AllowedRedirectUris": [
"http://xx.xx.xx.xx/signin-oidc"
],
"SubjectId": "anonymous",
"ResponseType": "token",
"ResponseMode": "fragment",
"GrantType": "implicit",
"RequestedScopes": "",
"State": "5c53c5e5bbe44c0f8c5d4b401df0938e",
"Raw": {
"client_id": "Xamarin",
"response_type": "token",
"scope": "api1",
"redirect_uri": "http://xx.xx.xx.xx/signin-oidc",
"nonce": "49f21e8873d744bea76f6f00ebae3eb4",
"state": "5c53c5e5bbe44c0f8c5d4b401df0938e"
}
}
但是,如果你检查我的代码我没有这种客户端类型的隐含流程 . 我已经仔细检查了我的数据库,以确保它是authorization_code . 如果有人能帮助我解决这个问题我很感激 .
1 回答
它看起来好像idsrv4目前不支持
code
,code token
和code id_token token
为response_type
- 只有code id_token
. 尝试使用server.code
客户端尝试测试客户端和/authorize
请求时,至少当前演示站点失败 .我发现与授权代码相关的唯一工作客户端是混合设置(
code id_token
/server.hybrid
):不知道为什么会这样,因为它已经在发现文件的
supported_response_types
列表中 . 也许Dominic / Brock可以填写 .非工作代码流auth请求(
unsupported_response_type
):