有两个微服务，一个ocelot网关，一个web客户端和一个授权服务器（https://github.com/skoruba/Duende.IdentityServer.Admin）。我想检查网关上的授权。

网关配置在ocelot.json中注册

{
  "GlobalConfiguration": {
    "BaseUrl": "https://localhost:7280"
  },
  "Routes": [
    {
      "UpstreamPathTemplate": "/Operations/{everything}", 
      "UpstreamHttpMethod": [ "Get" ],
      "DownstreamPathTemplate": "/Operations/{everything}", 
      "DownstreamScheme": "https",
      "DownstreamHostAndPorts": [
        {
          "Host": "localhost",
          "Port": 7193
        }
      ],
      "AuthenticationOptions": {
        "AuthenticationProviderKey": "Bearer", 
        "AllowedScopes": [ "apiGateWay" ]
      }
    },

字符串

启动

.ConfigureServices(s => {

            var authenticationProviderKey = "Bearer";
            Action<JwtBearerOptions> options = (opt) =>
            {
                opt.Authority = "https://sts.skoruba.local";
                opt.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateAudience = false
                };
            };
            s.AddAuthentication()
                .AddJwtBearer(authenticationProviderKey, options);
            s.AddOcelot();

型

Web客户端我在Web客户端上执行请求

[Route("index2")]
        public async Task<string> Index2Async(int id)
        {
            var text = "empty";
                       
            var token = await _tokenService.GetToken("apiGateWay");
            using (var client = new HttpClient())
            {
                client.SetBearerToken(token.AccessToken);
                text = await client.GetStringAsync("https://localhost:7280/Operations/index");
            }

            return text;
        }

        public async Task<TokenResponse> _tokenService.GetToken(string scope)
        {
            using (var client = new HttpClient())
            {
                var tokenResponse = await client.RequestClientCredentialsTokenAsync(new ClientCredentialsTokenRequest
                {
                    Address = _discDocument.TokenEndpoint,
                    ClientId = "web",
                    Scope = scope,
                    ClientSecret = "secret"
                });
                if (tokenResponse.IsError)
                {
                    throw new Exception("Token Error");
                }
                return tokenResponse;
            }
        }

型
这就是一切工作的方式，请求被传递到所需的服务
但是我希望Web客户端的用户得到授权，所以我这样做了。
1.在Web客户端Program.cs上

builder.Services.AddAuthentication(config =>
        {
            config.DefaultScheme = "Cookie";
            config.DefaultChallengeScheme = "oidc";
        })
        .AddCookie("Cookie")
        .AddOpenIdConnect("oidc", config =>
        {
            config.Authority = "https://sts.skoruba.local/";
            config.ClientId = "web";
            config.ClientSecret = "secret";

            config.ResponseType = "id_token token";
            config.SignedOutCallbackPath = "/Home/Index";
            config.SaveTokens = true;

            config.ClaimActions.DeleteClaim("amr");
            config.ClaimActions.DeleteClaim("s_hash");

            config.GetClaimsFromUserInfoEndpoint = true;

            // configure scope
            config.Scope.Add("openid");
            config.Scope.Add("profile");
            config.Scope.Add("roles");
            config.Scope.Add("apiGateWay");
          });

型
1.我将[Authorize]添加到身份服务器中的授权页面的控制器，它重定向到那里，我成功登录。但使用此令牌调用请求等待客户端。GetStringAsync（“https：//localhost：7280/Operations/index”）;我得到401错误

[Authorize]
        [Route("index3")]
        public async Task<string> Index3Async(int id)
        {
            var text = "empty";
            
            var accessToken = await AuthenticationHttpContextExtensions.GetTokenAsync(
    HttpContext, OpenIdConnectParameterNames.AccessToken);

            using (var client = new HttpClient())
            {
                client.SetBearerToken(accessToken);

                text = await client.GetStringAsync("https://localhost:7280/Operations/index");
            }

            return text;
        }

型

一些身份服务器设置，如果您需要其他设置，请告诉我x1c 0d1xx 1c 1d 1x

我做错了什么？