indetityserver4-implicitgranttypes-请求流程叙述
Posted 850391642c
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了indetityserver4-implicitgranttypes-请求流程叙述相关的知识,希望对你有一定的参考价值。
说明:使用项目代码是这个,做了一点体力活:将 implicit grant types(简化授权类型)的页面跳转流程抓了个包。
QuickstartIdentityServer 项目的发布地址:127.0.0.1:5000
MvcClient 项目的发布地址:127.0.0.1:5002
下面的顺序按照implicit grant types 走下来的,0步骤会在 MvcClient 第一次获取identity server信息时发生,所以在获取到配置信息后,正常的流程是1-9。
0 获取 identity Server 认证、授权配置信息
GET 127.0.0.1:5000/.well-known/openid-configuration
HTTP/1.1 200 OK
{"issuer":"http://127.0.0.1:5000","jwks_uri":"http://127.0.0.1:5000/.well-known/openid-configuration/jwks","authorization_endpoint":"http://127.0.0.1:5000/connect/authorize","token_endpoint":"http://127.0.0.1:5000/connect/token","userinfo_endpoint":"http://127.0.0.1:5000/connect/userinfo","end_session_endpoint":"http://127.0.0.1:5000/connect/endsession","check_session_iframe":"http://127.0.0.1:5000/connect/checksession","revocation_endpoint":"http://127.0.0.1:5000/connect/revocation","introspection_endpoint":"http://127.0.0.1:5000/connect/introspect","frontchannel_logout_supported":true,"frontchannel_logout_session_supported":true,"backchannel_logout_supported":true,"backchannel_logout_session_supported":true,"scopes_supported":["openid","profile","api1","offline_access"],"claims_supported":["sub","name","family_name","given_name","middle_name","nickname","preferred_username","profile","picture","website","gender","birthdate","zoneinfo","locale","updated_at"],"grant_types_supported":["authorization_code","client_credentials","refresh_token","implicit","password"],"response_types_supported":["code","token","id_token","id_token token","code id_token","code token","code id_token token"],"response_modes_supported":["form_post","query","fragment"],"token_endpoint_auth_methods_supported":["client_secret_basic","client_secret_post"],"subject_types_supported":["public"],"id_token_signing_alg_values_supported":["RS256"],"code_challenge_methods_supported":["plain","S256"]}
-----------------
GET /.well-known/openid-configuration/jwks
HTTP/1.1 200 OK
{"keys":[{"kty":"RSA","use":"sig","kid":"bd30634bfbca33e60053095763302f84","e":"AQAB","n":"ox765ltEHzAQPG4rNR722wh_iWoDkZX8L9ML8QmIIugQxHNH4A8bc2-lWl6q--sxI5bWygDDn3YONiPdnuZHgM6cX0FX_fDg0le9aGBAt2sQdzlZzs51nMfgyiNv1lspzjRlKQeOKfk7tbOBbw8JRDZcudx0DrIx2JWc6eLcHXnGRw_BcaSBkhXVYg6YoCe9JrKSQe0Rnen574C2Oo7hZTDS3U1ol4qFPMBDT6QgbWT0qTEYfqOWhxNrufX7ypEaV85k3gJlL-n3AKh0jtOeYlxbnTtRYfoojpjw4bxat5sS9k-VoFMUf9eZBgSrlAL5aMwURxyeWG_DRKatYvHR8Q","alg":"RS256"}]}
1 访问客户端受保护的资源
GET 127.0.0.1:5002/Home/Secure Referer: http://127.0.0.1:5002/ HTTP/1.1 302 Found Location: http://127.0.0.1:5000/connect/authorize?client_id=mvc&redirect_uri=http%3A%2F%2F127.0.0.1%3A5002%2Fsignin-oidc&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm&state=CfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs&x-client-SKU=ID_NET&x-client-ver=2.1.4.0 #http://127.0.0.1:5000/connect/authorize?client_id=mvc&redirect_uri=http://127.0.0.1:5002/signin-oidc&response_type=id_token&scope=openid profile&response_mode=form_post&nonce=636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm&state=CfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs&x-client-SKU=ID_NET&x-client-ver=2.1.4.0
2 重定向到:请求identity Service 授权
GET 127.0.0.1:5000/connect/authorize?client_id=mvc&redirect_uri=http%3A%2F%2F127.0.0.1%3A5002%2Fsignin-oidc&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm&state=CfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs&x-client-SKU=ID_NET&x-client-ver=2.1.4.0 HTTP/1.1 #connect/authorize?client_id=mvc&redirect_uri=http://127.0.0.1:5002/signin-oidc&response_type=id_token&scope=openid profile&response_mode=form_post&nonce=636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm&state=CfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs&x-client-SKU=ID_NET&x-client-ver=2.1.4.0 Referer: http://127.0.0.1:5002/ HTTP/1.1 302 Found Location: http://127.0.0.1:5000/account/login?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dmvc%26redirect_uri%3Dhttp%253A%252F%252F127.0.0.1%253A5002%252Fsignin-oidc%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm%26state%3DCfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs%26x-client-SKU%3DID_NET%26x-client-ver%3D2.1.4.0
3 重定向到:请求 identity Service 登录页面
GET 127.0.0.1:5000/account/login?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dmvc%26redirect_uri%3Dhttp%253A%252F%252F127.0.0.1%253A5002%252Fsignin-oidc%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm%26state%3DCfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs%26x-client-SKU%3DID_NET%26x-client-ver%3D2.1.4.0 HTTP/1.1 # Referer: http://127.0.0.1:5002/ HTTP/1.1 200 OK <!DOCTYPE html>
4 提交登录表单
POST /account/login?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dmvc%26redirect_uri%3Dhttp%253A%252F%252F127.0.0.1%253A5002%252Fsignin-oidc%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm%26state%3DCfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs%26x-client-SKU%3DID_NET%26x-client-ver%3D2.1.4.0 HTTP/1.1 Referer: http://127.0.0.1:5000/account/login?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dmvc%26redirect_uri%3Dhttp%253A%252F%252F127.0.0.1%253A5002%252Fsignin-oidc%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm%26state%3DCfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs%26x-client-SKU%3DID_NET%26x-client-ver%3D2.1.4.0 Content-Type: application/x-www-form-urlencoded HTTP/1.1 302 Found Location: /connect/authorize/callback?client_id=mvc&redirect_uri=http%3A%2F%2F127.0.0.1%3A5002%2Fsignin-oidc&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm&state=CfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs&x-client-SKU=ID_NET&x-client-ver=2.1.4.0
5 重定向到:请求 identity Service 用户同意页面
GET /connect/authorize/callback?client_id=mvc&redirect_uri=http%3A%2F%2F127.0.0.1%3A5002%2Fsignin-oidc&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm&state=CfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs&x-client-SKU=ID_NET&x-client-ver=2.1.4.0 HTTP/1.1 Referer: http://127.0.0.1:5000/account/login?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dmvc%26redirect_uri%3Dhttp%253A%252F%252F127.0.0.1%253A5002%252Fsignin-oidc%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm%26state%3DCfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs%26x-client-SKU%3DID_NET%26x-client-ver%3D2.1.4.0 HTTP/1.1 200 OK <!DOCTYPE html>
6 提交 用户同意表单
POST /consent HTTP/1.1 Referer: http://127.0.0.1:5000/consent?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dmvc%26redirect_uri%3Dhttp%253A%252F%252F127.0.0.1%253A5002%252Fsignin-oidc%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm%26state%3DCfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs%26x-client-SKU%3DID_NET%26x-client-ver%3D2.1.4.0 Cache-Control: max-age=0 HTTP/1.1 302 Found Location: /connect/authorize/callback?client_id=mvc&redirect_uri=http%3A%2F%2F127.0.0.1%3A5002%2Fsignin-oidc&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm&state=CfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs&x-client-SKU=ID_NET&x-client-ver=2.1.4.0
7 重定向到:identity Service 授权回调
GET /connect/authorize/callback?client_id=mvc&redirect_uri=http%3A%2F%2F127.0.0.1%3A5002%2Fsignin-oidc&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm&state=CfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs&x-client-SKU=ID_NET&x-client-ver=2.1.4.0 HTTP/1.1 Referer: http://127.0.0.1:5000/consent?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dmvc%26redirect_uri%3Dhttp%253A%252F%252F127.0.0.1%253A5002%252Fsignin-oidc%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm%26state%3DCfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs%26x-client-SKU%3DID_NET%26x-client-ver%3D2.1.4.0 Host: 127.0.0.1:5000 Connection: Keep-Alive Cookie: .AspNetCore.Antiforgery.YjAxvW2xqCo=CfDJ8KjKmIpVmpVHjwkDwUwE7k1xn6W14nk_E0cRvwWveGwSyaaqD7sS2pSTAE43QsB7xRIVuLBsNiOk9ib-83IIDT874ymk3A6Xg9waHRH8csTfVyxtxMbjarHFfTGS29kDMaBbSQITR9Fj_bgjDLgOXaI; idsrv.session=be16971582a80c99fd0286310cf00363; idsrv=CfDJ8KjKmIpVmpVHjwkDwUwE7k34O8JeSGKhYR40MCwGcWlElGczJ732hBb7D-VSzKh9gz7xwxW0ysAaweb6KafSkOgi4bXHY62o2msxzeoWA5E4uh16QUIo1Flh4GSy-c2sSP2aYdS3r2ljpu8G9ntl7RlJI8qNsuDJLb_EUdueHRaATYfNAJ7BU-N8XnJ87mYPb6CV3HBsUSdjABbPu6biVyI7Spr7BHcHyzbfnUgcxuW63og135jhr-_cmQuFlPVb61xTNcafm4OAYa3ter29I3qj1yZfNQDMqXzwtRaRWMrrFPe4eOZD5daaF8YXT5rzBLZRpZM-bJw9m5SI5FGapVlM4mFhH-bb9BWXrRxIKj-04WRMiBiXxycInIlcbHuRLwNgzCSPIIKCk79UT5gYQfrC1u-ejKoIAMfokdKVtr4dTiiMZMumR2gk-hYExy1q1X2--Z1Vf_lpMGApx5rveg8eb3mhWJi9p8PGWjjCFKqL; ConsentResponse.NEqTdfMa_qlc7u3gFoMYkmGSvsJLSjso3mzLtAL8o1I=CfDJ8KjKmIpVmpVHjwkDwUwE7k2k-7mmBieBu5AEPr9OYTHPmI-QCx1hCbPvGGFhcyWBr18UqTyDbwoeGYBTxHTh0GPF5BOI01qvFUA1WN96EqT15dGN9nUPGXojcOhbH7NW3e5qOjx-NkSGZPspg60t5jVwMXslPqx-M5Shpm_6P9wtDMRXWDkMOoR2r1YVc9kiN22oNB7zJBN6yNDeMnYj0KZ-AOSWpL5ZhQb3zUWXSjld6SgBqw2k6zMcp2SCqgUK9W9mP1sgi6QTqfHF1V4-rK0 HTTP/1.1 200 OK Set-Cookie: ConsentResponse.NEqTdfMa_qlc7u3gFoMYkmGSvsJLSjso3mzLtAL8o1I=.; expires=Fri, 31 Dec 1999 16:00:00 GMT; path=/; samesite=lax; httponly Set-Cookie: idsrv=CfDJ8KjKmIpVmpVHjwkDwUwE7k0-F0MNdt22QvDnLb_-24iyo2T0beQ9LLPqzS-bm1UY39QbA5HpuMpDfWZfBfm8SGI1vqcwuL7-4RM03nnMf8fyvUBgp5Qjr7CRyL9I83tIK_lx293vQDlH1T_IcImzhyh5J4WGAXnorJKtvvuVwL8Okxf9SekJ5alVFpoxHEHR4Ok_cltkvf8-gaxMgSHTVCdSaFB4FchmcMSjJjMpxHbM4SqNryH4FnBwfJMekDXxqNIUMn6b8QHkN2Js4n0Vlc26AnTdm8n4yuXuDvB0DfTvtlEi5p6pqO3xJevHC2ZT8ryl7cOIqAQqTe94VB5gl3eob2q0q_H2Lk5ONdLVBNIwv6CsWi8RNlsBslDxcFZl1YzU5CK9rQGPOLUCvx0vv-5Ix_BI959MxGK6e_8jBHhkepKja8h38m-OA2UTNJsdDFfFoH8MsDfks1ytjInmOwgt2Fl7LMthLPWMyNVaIzkapIGNN9XDikwPfuGMAhi2Pg; path=/; httponly Content-Security-Policy: default-src ‘none‘; frame-ancestors http://127.0.0.1:5002; script-src ‘sha256-VuNUSJ59bpCpw62HM2JG/hCyGiqoPN3NqGvNXQPU+rY=‘; X-Content-Security-Policy: default-src ‘none‘; frame-ancestors http://127.0.0.1:5002; script-src ‘sha256-VuNUSJ59bpCpw62HM2JG/hCyGiqoPN3NqGvNXQPU+rY=‘; Referrer-Policy: no-referrer <form method=‘post‘ action=‘http://127.0.0.1:5002/signin-oidc‘><input type=‘hidden‘ name=‘id_token‘ value=‘eyJhbGciOiJSUzI1NiIsImtpZCI6ImJkMzA2MzRiZmJjYTMzZTYwMDUzMDk1NzYzMzAyZjg0IiwidHlwIjoiSldUIn0.eyJuYmYiOjE1NDAyODYyMDksImV4cCI6MTU0MDI4NjUwOSwiaXNzIjoiaHR0cDovLzEyNy4wLjAuMTo1MDAwIiwiYXVkIjoibXZjIiwibm9uY2UiOiI2MzY3NTg4MjE2MDY3NjkxNzQuTWpOak1XRmhOVEF0WmpVNU9TMDBNMlF4TFdJMU9XSXRPV1l3TUdOaVpHUTBaV0ZrTXpReE5USmpZVGt0Tm1VNU9DMDBaVEpqTFdGbVpEY3RPVGMzTWpZMU5ESTNOR0ptIiwiaWF0IjoxNTQwMjg2MjA5LCJzaWQiOiJiZTE2OTcxNTgyYTgwYzk5ZmQwMjg2MzEwY2YwMDM2MyIsInN1YiI6IjEiLCJhdXRoX3RpbWUiOjE1NDAyODU5NTMsImlkcCI6ImxvY2FsIiwibmFtZSI6IkFsaWNlIiwid2Vic2l0ZSI6Imh0dHBzOi8vYWxpY2UuY29tIiwiYW1yIjpbInB3ZCJdfQ.egapXpCShj07m2ldf1lRxc-5O6eqElpSvmTjQ9clgi1WxtR6Gf_iNhhIwm5aNQv9pSE9cLUwjg7-3XWfrBPKtKPCgC-N_50nKRW3SDct1NGcr6Yw9UAd049glC7B5WbHa2qAfqy8c61IiGA77r6roXNdvyk6jNGc4cLQHKGfPF-7tIN5ipQvFuXEpwWEYSGrjx8cO2_B3Dvd_eCIuD7ZotEEl0gvq1cn3RlKDT9qrPN_AvYqNRkFwDfLW4BgACo3XTX4fp9H6Y0dHdbfkCuA287nIyrH47U-US-7rbUh2vjyAf7GrJgE1iTl7ltr8FTSmjt0gHZJJMFHHq9CKmVBbg‘ /> <input type=‘hidden‘ name=‘scope‘ value=‘openid profile‘ /> <input type=‘hidden‘ name=‘state‘ value=‘CfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs‘ /> <input type=‘hidden‘ name=‘session_state‘ value=‘46esjgZEyWUfSUkVvHKy8Opvnq0mmY19WfvOfc9BuLE.78306e80b16a34dd965f55cf78237a2d‘ /> <noscript><button>Click to continue</button></noscript></form><script>(function(){document.forms[0].submit();})();</script>
8 自动提交表单:提交表单到客户端 openid 登录入口
POST /signin-oidc HTTP/1.1 Referer: http://127.0.0.1:5000/connect/authorize/callback?client_id=mvc&redirect_uri=http%3A%2F%2F127.0.0.1%3A5002%2Fsignin-oidc&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm&state=CfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs&x-client-SKU=ID_NET&x-client-ver=2.1.4.0 Cache-Control: max-age=0 Content-Type: application/x-www-form-urlencoded HTTP/1.1 302 Found Location: http://127.0.0.1:5002/Home/Secure
9 重定向到:客户端受保护资源
GET /Home/Secure HTTP/1.1 Referer: http://127.0.0.1:5000/connect/authorize/callback?client_id=mvc&redirect_uri=http%3A%2F%2F127.0.0.1%3A5002%2Fsignin-oidc&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm&state=CfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs&x-client-SKU=ID_NET&x-client-ver=2.1.4.0 HTTP/1.1 200 OK Date: Tue, 23 Oct 2018 09:16:50 GMT Content-Type: text/html; charset=utf-8 Server: Kestrel Transfer-Encoding: chunked <!DOCTYPE html>
可以参考:
https://identityserver4.readthedocs.io/en/release/index.html
https://aaronparecki.com/oauth-2-simplified/
https://developer.okta.com/blog/2017/06/21/what-the-heck-is-oauth
如果你们看明白了,而且写成中文可以告诉我,反正我是没怎么明白。
以上是关于indetityserver4-implicitgranttypes-请求流程叙述的主要内容,如果未能解决你的问题,请参考以下文章