我有一个Angular SPA客户端 . 作为资源服务器的Api用于服务SPA,而IdentityServer4用作OAuth2 . 所有这些都在一个码头 Worker 里面 .

Angular正在使用angular-oauth2-oidc插件 .

问题出在发行者uri和Angular或Resource Server上 . 因为docker,ID4 Server得到另一个名称而不是localhost:5000 . 例如:sso:5000 .

因此,当Angular尝试加载发现文档时,会发生错误:发行者无效 .

如果在IdentityServer配置选项中更改了颁发者uri,则资源服务器无法验证JWT令牌,因为资源服务器不知道URI localhost:5000 .

泊坞窗,compose.yml:

version: "3"
services:
    database:
        image: "microsoft/mssql-server-linux"
        environment:
            SA_PASSWORD: "@Password1"
            ACCEPT_EULA: "Y"
        ports:
            - "44274:1433"
    sso:
        image: "jpproject/v1"
        build: 
          context: .
          dockerfile: sso.dockerfile
        ports:
            - "5000:5000"
        depends_on:
            - database
        environment: 
            SQLSERVER_CONNECTION: "Server=database,1433;Initial Catalog=JpProject;Persist Security Info=False;User ID=sa;Password=@Password1;MultipleActiveResultSets=False;Connection Timeout=30;"
            ASPNETCORE_ENVIRONMENT: "Development"
            ISSUER_URI: "http://localhost:5000"
    user-management-api:
        build: 
          context: .
          dockerfile: user-management.dockerfile
        ports:
            - "5003:5003"
        depends_on:
            - database
            - sso
        environment: 
            SQLSERVER_CONNECTION: "Server=database,1433;Initial Catalog=JpProject;Persist Security Info=False;User ID=sa;Password=@Password1;MultipleActiveResultSets=False;Connection Timeout=30;"
            ASPNETCORE_ENVIRONMENT: "Development"
            AUTHORITY: "http://localhost:5000"
    user-management-ui:
        container_name: user-management-ui
        build: 
          context: .
          dockerfile: ui-user-management.dockerfile
        ports:
            - 4200:80

有一种方法可以告诉docker使用localhost而不是hostname . 或者是在Api和SPA之间拥有相同发行人的最佳方式 .