code_challenge is missing IdentityServer4 (v4.1.2) Mvc Client
Published: 2021-06-26 07:48:52
Question: I want to use Hybrid flow in my application. I even set RequirePkce to false in the client configuration. I still get the error code_challenge is missing
Client configuration
new Client
{
    ClientId = "mvc",
    ClientName = "MVC Client",
    ClientSecrets = new List<Secret>
    {
        new Secret("secret".Sha256())
    },
    ClientUri = $"{clientsUrl["Mvc"]}",
    AllowedGrantTypes = GrantTypes.Hybrid,
    AllowAccessTokensViaBrowser = false,
    RequirePkce = false,
    RequireConsent = false,
    AllowOfflineAccess = true,
    AlwaysIncludeUserClaimsInIdToken = true,
    RedirectUris = new List<string>
    {
        $"{clientsUrl["Mvc"]}/signin-oidc"
    },
    PostLogoutRedirectUris = new List<string>
    {
        $"{clientsUrl["Mvc"]}/signout-callback-oidc"
    },
    AllowedScopes = new List<string>
    {
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile,
        "things",
        "rules"
    },
    AccessTokenLifetime = 60*60*2, // 2 hours
    IdentityTokenLifetime = 60*60*2 // 2 hours
}
MVC client
services.AddAuthentication(options =>
{
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddCookie(setup => setup.ExpireTimeSpan = TimeSpan.FromMinutes(sessionCookieLifetime))
.AddOpenIdConnect(options =>
{
    options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.Authority = identityUrl.ToString();
    options.SignedOutRedirectUri = callBackUrl.ToString();
    options.ClientId = "mvc";
    options.ClientSecret = "secret";
    options.UsePkce = false;
    options.ResponseType = "code id_token";
    options.SaveTokens = true;
    options.GetClaimsFromUserInfoEndpoint = true;
    options.RequireHttpsMetadata = false;
    options.Scope.Add("openid");
    options.Scope.Add("profile");
});
Answer 1: You are using the code flow, which I think requires PKCE?
options.ResponseType = "code id_token";
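An added example, not part of the original answer and not IdentityServer4's own code: how a PKCE code_challenge is derived from a code_verifier (RFC 7636, method S256) and a simplified model of the authorize-endpoint check behind the error quoted in the question. The names PkceDemo, ValidateAuthorize and VerifierMatches, the sample request dictionaries, and every return string other than the quoted error are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
static class PkceDemo
{
    // RFC 7636 base64url: standard Base64 without padding, URL-safe alphabet.
    static string Base64Url(byte[] bytes) =>
        Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Client side: a fresh high-entropy verifier for every authorization request.
    static string NewVerifier()
    {
        var bytes = new byte[32];
        RandomNumberGenerator.Fill(bytes);
        return Base64Url(bytes);
    }

    // code_challenge = BASE64URL(SHA256(ASCII(code_verifier))) for method S256.
    static string Challenge(string verifier)
    {
        using var sha = SHA256.Create();
        return Base64Url(sha.ComputeHash(Encoding.ASCII.GetBytes(verifier)));
    }

    // Hypothetical model of the server-side check; this model accepts S256 only.
    static string ValidateAuthorize(IDictionary<string, string> query, bool requirePkce)
    {
        if (!query.TryGetValue("code_challenge", out var c) || string.IsNullOrEmpty(c))
            return requirePkce ? "code_challenge is missing" : "ok (no PKCE)";
        var s256 = query.TryGetValue("code_challenge_method", out var m) && m == "S256";
        return s256 ? "ok (PKCE S256)" : "unsupported code_challenge_method";
    }

    // Token endpoint: the verifier sent with the code must hash to the stored challenge.
    static bool VerifierMatches(string verifier, string storedChallenge) =>
        CryptographicOperations.FixedTimeEquals(
            Encoding.ASCII.GetBytes(Challenge(verifier)), Encoding.ASCII.GetBytes(storedChallenge));

    static void Main()
    {
        var verifier = NewVerifier();
        // Constructed sample authorize requests (only the parameters relevant here).
        var withPkce = new Dictionary<string, string> { ["response_type"] = "code",
            ["code_challenge"] = Challenge(verifier), ["code_challenge_method"] = "S256" };
        var hybridNoPkce = new Dictionary<string, string> { ["response_type"] = "code id_token" };
        Console.WriteLine(ValidateAuthorize(withPkce, requirePkce: true));
        Console.WriteLine(ValidateAuthorize(hybridNoPkce, requirePkce: true));
        Console.WriteLine(ValidateAuthorize(hybridNoPkce, requirePkce: false));
        Console.WriteLine(VerifierMatches(verifier, withPkce["code_challenge"]));
        Console.WriteLine(VerifierMatches(NewVerifier(), withPkce["code_challenge"]));
    }
}
```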