首页 文章

将Xamarin客户端连接到Identity Server4

提问于
浏览
2

我正在尝试将本机移动应用程序(xamarin)连接到Identity Server . 我最初设定流程是隐含的,我被告知它是不正确的 . 因此我改变了它的授权代码流程 .

这是我的客户端定义的样子

new Client
     {
         ClientId = "Xamarin",
         ClientName = "Xamarin Client",
         AllowedGrantTypes = GrantTypes.Code,
         AllowAccessTokensViaBrowser = true,
         RedirectUris = { "http://xx.xx.xx.xx/signin-oidc" },
         PostLogoutRedirectUris = { "http://xx.xx.xx.xx/signin-oidc" },
         AllowedCorsOrigins = { "http://xx.xx.xx.xx" },
         AllowedScopes =
           {
              StandardScopes.OpenId.Name,
              StandardScopes.Profile.Name,
              "api1"
           },
         RequireConsent = false
      }

从我的xamarin应用程序,这是我连接到身份服务器的方式 .

void LoginButton_Clicked(object sender, EventArgs e)
    {
        StartFlow("token", "api1");
    }

    public void StartFlow(string responseType, string scope)
    {
        var authorizeRequest =
            new AuthorizeRequest("http://xx.xx.xx.xx/connect/authorize");


        var dic = new Dictionary<string, string>();
        dic.Add("client_id", "Xamarin");
        dic.Add("response_type", responseType);
        dic.Add("scope", scope);
        dic.Add("redirect_uri", "http://xx.xx.xx.xx/signin-oidc");
        dic.Add("nonce", Guid.NewGuid().ToString("N"));


        _currentCSRFToken = Guid.NewGuid().ToString("N");
        dic.Add("state", _currentCSRFToken);

        var authorizeUri = authorizeRequest.Create(dic);
        webLogin.Source = authorizeUri;
        webLogin.IsVisible = true;
    }

我在移动应用程序中收到错误“unauthorized_client”,并在我的服务器日志中显示:

fail: IdentityServer4.Validation.AuthorizeRequestValidator[0]
  Invalid grant type for client: implicit
  {
    "ClientId": "Xamarin",
    "ClientName": "Xamarin Client",
    "RedirectUri": "http://xx.xx.xx.xx/signin-oidc",
    "AllowedRedirectUris": [
      "http://xx.xx.xx.xx/signin-oidc"
    ],
    "SubjectId": "anonymous",
    "ResponseType": "token",
    "ResponseMode": "fragment",
    "GrantType": "implicit",
    "RequestedScopes": "",
    "State": "5c53c5e5bbe44c0f8c5d4b401df0938e",
    "Raw": {
      "client_id": "Xamarin",
      "response_type": "token",
      "scope": "api1",
      "redirect_uri": "http://xx.xx.xx.xx/signin-oidc",
      "nonce": "49f21e8873d744bea76f6f00ebae3eb4",
      "state": "5c53c5e5bbe44c0f8c5d4b401df0938e"
    }
  }
  fail: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
  Request validation failed
  info: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
  {
    "ClientId": "Xamarin",
    "ClientName": "Xamarin Client",
    "RedirectUri": "http://xx.xx.xx.xx/signin-oidc",
    "AllowedRedirectUris": [
      "http://xx.xx.xx.xx/signin-oidc"
    ],
    "SubjectId": "anonymous",
    "ResponseType": "token",
    "ResponseMode": "fragment",
    "GrantType": "implicit",
    "RequestedScopes": "",
    "State": "5c53c5e5bbe44c0f8c5d4b401df0938e",
    "Raw": {
      "client_id": "Xamarin",
      "response_type": "token",
      "scope": "api1",
      "redirect_uri": "http://xx.xx.xx.xx/signin-oidc",
      "nonce": "49f21e8873d744bea76f6f00ebae3eb4",
      "state": "5c53c5e5bbe44c0f8c5d4b401df0938e"
    }
  }

但是,如果你检查我的代码我没有这种客户端类型的隐含流程 . 我已经仔细检查了我的数据库,以确保它是authorization_code . 如果有人能帮助我解决这个问题我很感激 .

xamarin oauth openid identityserver3 identityserver4

1 回答

  • 3

    它看起来好像idsrv4目前不支持 codecode tokencode id_token tokenresponse_type - 只有 code id_token . 尝试使用 server.code 客户端尝试测试客户端和 /authorize 请求时,至少当前演示站点失败 .

    我发现与授权代码相关的唯一工作客户端是混合设置( code id_token / server.hybrid ):

    https://demo.identityserver.io/connect/authorize?
  client_id=server.hybrid&
  response_type=code id_token&
  response_mode=fragment&
  redirect_uri=https://notused&
  scope=openid api&
  state=1&
  nonce=2

    不知道为什么会这样,因为它已经在发现文件的 supported_response_types 列表中 . 也许Dominic / Brock可以填写 .

    "response_types_supported": [
    "code",
    "token",
    "id_token",
    "id_token token",
    "code id_token",
    "code token",
    "code id_token token"
  ],

    非工作代码流auth请求( unsupported_response_type ):

    https://demo.identityserver.io/connect/authorize?
  client_id=server.code&
  response_type=code&
  response_mode=fragment&
  redirect_uri=https://notused&
  scope=openid api&
  state=1&
  nonce=2
    回复于

相关问题