oauth-2.0 为什么在Postman中可以获得我的访问令牌,而在我的代码中却不行?

ryevplcw  于 2022-10-31  发布在  Postman
关注(0)|答案(1)|浏览(389)

我已经实现了Identity Server 4来进行OAuth身份验证,当我在Postman中发出身份验证请求时,它工作正常(我收到了AccessToken、Token Type、id_token、expires_in等),并且可以使用访问令牌来访问我的受保护API。但是,当我尝试在代码中执行此操作时,我以错误“invalid_grant”结束。
为什么在Postman中可以工作,但在代码中调用时却不行?
我的过程如下:
1.通过将患者ID和GUID保存到数据库,进行API调用以设置患者上下文。GUID是我的“启动”值。
1.我调用了一个自定义/auth端点,因为它需要额外的参数(“启动”),用于维护上下文(患者的id值),传入ID 4/connect/authorize/的所有必需参数。
例如,https://IDS4.azurewebsites.net/auth2?client_id=client&response_type=code&scope=openid配置文件myAPI和客户端密码=密码和状态= 1234567890api.location.comtest.azurewebsites.net/auth
此端点会将'state'的值与数据库中的'launch'相关联,以维护上下文。
1.上面的端点然后调用IDS 4/connect/authorize/ endpoint,传入适当的值。在auth管道中,我然后再次将“sessionId”与“state”关联以维护上下文。

  1. IDS 4/connect/authorize/ endpoint会如预期般传回受权码、范围、状态和session_state。
    1.在上面的'authorize'调用中指定的redirectURI的Get中,我获取授权代码并执行到ID 4/connect/token端点的标准post。
    1.响应为“invalid_grant”
    所有这些在Postman中都适用。
    我已经尝试更改我的客户端的AllowedGrantTypes,但我认为“authorization_code”是一个可以坚持的。我使用GrantTypes枚举。以下是我的客户端配置:
  1. new Client
  2.             {
  3.                 ClientId = "client",
  4.                 ClientSecrets = { new Secret("secret".Sha256()) },
  6.                 //RequireClientSecret = false, //false is default
  8.                 RequirePkce = false, //to prevent 'code challenge required' message from appearing when using 'Code'
  10.                 AllowedGrantTypes = GrantTypes.Code ,//{ "code", "authorization_code" },// 
  12.                 // where to redirect to after login
  13.                 RedirectUris = { "https://IDS4.azurewebsites.net/signin-oidc", "https://test.azurewebsites.net/auth",
  14.                 "https://test.azurewebsites.net/token", "https://IDS4.azurewebsites.net/Account/Login"  },
  16.                 // where to redirect to after logout
  17.                 PostLogoutRedirectUris = { "https://IDS4.azurewebsites.net/signout-callback-oidc" },
  19.                 AllowedScopes = new List<string>
  20.                 {
  21.                     IdentityServerConstants.StandardScopes.OpenId,
  22.                     IdentityServerConstants.StandardScopes.Profile,   
  23.                     "myAPI"
  24.                 }
  25.             }

我的启动代码:

  1. public void ConfigureServices(IServiceCollection services)
  2.     {
  3.         services.AddControllersWithViews();
  5.         services.AddDbContextPool<AppDbContext>(options =>
  6.                 options.UseSqlServer(Configuration.GetConnectionString("DBConnection")));
  8.         var builder = services.AddIdentityServer()
  9.             .AddInMemoryIdentityResources(Config.IdentityResources)
  10.             .AddInMemoryApiScopes(Config.ApiScopes)
  11.             .AddInMemoryClients(Config.Clients)
  12.             .AddTestUsers(TestUsers.Users)
  13.             .AddCustomTokenRequestValidator<CustomTokenRequestValidator>()
  14.             .AddCustomAuthorizeRequestValidator<CustomAuthorizeRequestValidator>();
  16.         builder.AddDeveloperSigningCredential();
  18.         services.AddAuthentication()
  19.             .AddGoogle("Google", options =>
  20.             {
  21.                 options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
  23.                 options.ClientId = "<insert here>";
  24.                 options.ClientSecret = "<insert here>";
  25.             });
  27.         services.AddMvc()
  28.             .SetCompatibilityVersion(CompatibilityVersion.Version_3_0).AddXmlSerializerFormatters()
  29.             .AddMvcOptions(options => options.EnableEndpointRouting = false);
  31.         services.AddScoped<IDebugRepository, SQLDebugRepository>();
  32.         services.AddScoped<IPatientContextRepository, SQLPatientContextRepository>();
  33.         services.AddScoped<IClinicAccessRepository, SQLClinicAccessRepository>();
  34.     }
  36.     public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
  37.     {
  38.         if (env.IsDevelopment())
  39.         {
  40.             app.UseDeveloperExceptionPage();
  41.         }
  43.         app.UseCookiePolicy(new CookiePolicyOptions
  44.         {
  45.             HttpOnly = HttpOnlyPolicy.None,
  46.             MinimumSameSitePolicy = SameSiteMode.None,
  47.             Secure = CookieSecurePolicy.Always
  48.         });
  50.         app.UseStaticFiles();
  51.         app.UseRouting();
  53.         app.UseIdentityServer();
  54.         app.UseAuthorization();
  56.         app.UseEndpoints(endpoints =>
  57.         {
  58.             endpoints.MapDefaultControllerRoute();
  59.         });
  61.     }

这就是我如何在Auth Get中对/connect/Token端点执行POST:

  1. [HttpGet]
  2.         public async Task<string> Get(string code, string scope, string state, string session_state)
  3.         {
  5.         try
  6.         {
  7.             //AuthResponseModel arm = new AuthResponseModel
  8.             //{
  9.             //    code = code,
  10.             //    scope = scope,
  11.             //    state = state,
  12.             //    session_state = session_state
  13.             //};
  15.             string grant_type = "authorization_code";
  16.             string redirect_uri = "https://test.azurewebsites.net/token"; //sends the token back to requestor
  17.             string client_id = "client"; //current stable testing client
  18.             string baseAddress = $"https://IDS4.azurewebsites.net/connect/token";
  19.             string client_secret = "secret";
  21.             var client = new HttpClient();
  22.             client.BaseAddress = new Uri($"https://IDS4.azurewebsites.net/");
  23.             var content = new FormUrlEncodedContent(new[]
  24.             {
  25.                 new KeyValuePair<string, string>("client_id", client_id),
  26.                 new KeyValuePair<string, string>("client_secret", client_secret),
  27.                 new KeyValuePair<string, string>("grant_type", grant_type),
  28.                 new KeyValuePair<string, string>("code", code),
  29.                 new KeyValuePair<string, string>("redirect_uri", redirect_uri)
  30.               });
  32.             client.DefaultRequestHeaders.Accept.Add(new System.Net.Http.Headers.MediaTypeWithQualityHeaderValue("application/x-www-form-urlencoded"));
  34.             var res = await client.PostAsync(baseAddress, content);
  35.             var resp = await res.Content.ReadAsStringAsync();
  36.             return resp;
  38.         }
  39.         catch (Exception ex)
  40.         {
  41.             return  ex.Message + Environment.NewLine + ex.StackTrace ;
  42.         }
  43.     }

有一件事我还没有尝试设置一个签名证书。我想 Postman 使用一个内部证书,我需要接受,但它是如此之久,我不太记得如果我这样做或没有。我会认为,一个失踪的证书会给我带来问题之前,现在,但它是我正在调查的事情。
此外,只是一个说明-我已经测试了令牌重定向,它是工作的。
这是:

  1. [Controller]
  2. [Route("Token")]
  3. [AllowAnonymous]
  4. public class TokenController : Controller
  5. {
  7.     [HttpPost]
  8.     public string Post([FromForm] string access_token,
  9.                         [FromForm] string token_type,
  10.                         [FromForm] string expires_in,
  11.                         [FromForm] string scope,
  12.                         [FromForm] string patient,
  13.                         [FromForm] string id_token,
  14.                         [FromForm] string oceanSharedEncryptionKey)
  15.     {
  16.         TokenResponseModel token = new TokenResponseModel
  17.         {
  18.             access_token = access_token,
  19.             expires_in = expires_in,
  20.             id_token = id_token,
  21.             patient = patient,
  22.             scope = scope,
  23.             token_type = token_type
  24.         };
  25.         string rslt = JsonConvert.SerializeObject(token);
  26.         return rslt;
  27.     }
  29.     public string Get( string test1)
  30.     {
  31.         return test1;
  32.     }
  33. }
oauth-2.0

1条答案

按热度按时间
mrzz3bfm

mrzz3bfm1#

您需要提供授权类型。您可以在此处找到案例的文档-https://docs.identityserver.io/en/latest/topics/grant_types.html
我有一个类似的实现,我在postman中使用客户端凭据,在代码中使用密码。

  1. private async Task<string> GetNewAccessTokenAsync()
  2.         {
  3.             var postMessage = new Dictionary<string, string>
  4.         {
  5.                 {"client_id", "Client ID goes here"},
  6.                 {"client_secret","Client secret goes here" },
  7.                 {"scope","User.Read" },
  9.                 {"grant_type", "password"},
  10.                 {"username", "Username goes here"},
  11.                 {"password", "Password goes here"}
  13.         };
  15.             var client1 = new HttpClient();
  16.             var response = await client1.PostAsync("https://login.microsoftonline.com/{{id}}/oauth2/v2.0/token", new FormUrlEncodedContent(postMessage));
  18.             // return response.ReasonPhrase;
  19.             if (response.IsSuccessStatusCode)
  20.             {
  21.                 var json = response.Content.ReadAsStringAsync();
  23.                 return json.Result;
  24.             }
  25.             return "";
  27.         }

如果对你有用,请在答案上做记号。

展开查看全部
赞(0)分享  回复(0)举报  2022-10-31
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com