我正在尝试在我的 Identity Server 4 上使用 Postman 进行身份验证。它适用于 .Net Code 2,但我最近更新到 .Net Core 3 并进行了调整。我可以打开登录页面,可以登录,但无法正确重定向。停留在登录页面上,每次单击“登录”时,我都会在登录页面上循环。
首先这是我的邮递员设置
当我单击请求令牌时,我会看到此页面
所以我的登录名和密码是正确的,但我一直在这个页面上循环。
这是我的代码:
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
namespace Oyg.IdentityServer
{
public class Startup
{
public IWebHostEnvironment Environment { get; }
public Startup(IWebHostEnvironment environment)
{
Environment = environment;
}
public void ConfigureServices(IServiceCollection services)
{
// uncomment, if you want to add an MVC-based UI
services.AddControllersWithViews();
var builder = services.AddIdentityServer()
.AddInMemoryIdentityResources(Config.GetIdentityResources())
.AddInMemoryApiResources(Config.GetApiResources())
.AddInMemoryClients(Config.GetClients())
.AddDeveloperSigningCredential(persistKey: false)
.AddTestUsers(Config.GetUsers());
// not recommended for production - you need to store your key material somewhere secure
builder.AddDeveloperSigningCredential();
}
public void Configure(IApplicationBuilder app)
{
if (Environment.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
// uncomment if you want to add MVC
app.UseStaticFiles();
app.UseRouting();
app.UseIdentityServer();
// uncomment, if you want to add MVC
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapDefaultControllerRoute();
});
}
}
}
我也给你我的部分配置
public static IEnumerable<Client> GetClients()
{
return new List<Client>()
{
new Client
{
ClientName = "Postman", //_configuration.GetSection("PostmanClient").GetValue<string>("ClientName"),
ClientId = "f26ee5d6-****.local.app", //_configuration.GetSection("PostmanClient").GetValue<string>("ClientId"),
AllowedGrantTypes = GrantTypes.Code,
AllowOfflineAccess = true,
IdentityTokenLifetime = 60 * 60 * 24,
AccessTokenLifetime = 60 * 60 * 24,
RedirectUris = new List<string>()
{
"https://www.getpostman.com/oauth2/callback"
},
PostLogoutRedirectUris = new List<string>()
{
"https://www.getpostman.com"
},
AllowedCorsOrigins = new List<string>()
{
"https://www.getpostman.com"
},
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
"api",
"roles"
},
ClientSecrets = new List<Secret>
{
new Secret("123456".Sha256())
},
AllowAccessTokensViaBrowser = true,
RequireConsent = false,
EnableLocalLogin = true,
Enabled = true
}
};
}
我也可以给你这个
{
"issuer": "https://localhost:44367",
"jwks_uri": "https://localhost:44367/.well-known/openid-configuration/jwks",
"authorization_endpoint": "https://localhost:44367/connect/authorize",
"token_endpoint": "https://localhost:44367/connect/token",
"userinfo_endpoint": "https://localhost:44367/connect/userinfo",
"end_session_endpoint": "https://localhost:44367/connect/endsession",
"check_session_iframe": "https://localhost:44367/connect/checksession",
"revocation_endpoint": "https://localhost:44367/connect/revocation",
"introspection_endpoint": "https://localhost:44367/connect/introspect",
"device_authorization_endpoint": "https://localhost:44367/connect/deviceauthorization",
"frontchannel_logout_supported": true,
"frontchannel_logout_session_supported": true,
"backchannel_logout_supported": true,
"backchannel_logout_session_supported": true,
"scopes_supported": [
"openid",
"profile",
"roles",
"oygapi",
"offline_access"
],
"claims_supported": [
"sub",
"name",
"family_name",
"given_name",
"middle_name",
"nickname",
"preferred_username",
"profile",
"picture",
"website",
"gender",
"birthdate",
"zoneinfo",
"locale",
"updated_at",
"role"
],
"grant_types_supported": [
"authorization_code",
"client_credentials",
"refresh_token",
"implicit",
"password",
"urn:ietf:params:oauth:grant-type:device_code"
],
"response_types_supported": [
"code",
"token",
"id_token",
"id_token token",
"code id_token",
"code token",
"code id_token token"
],
"response_modes_supported": [
"form_post",
"query",
"fragment"
],
"token_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"subject_types_supported": [
"public"
],
"code_challenge_methods_supported": [
"plain",
"S256"
],
"request_parameter_supported": true
}
日志要求:
[09:22:07 Information]
Starting host...
[09:22:13 Information] IdentityServer4.Startup
Starting IdentityServer4 version 3.0.1.0
[09:22:13 Information] IdentityServer4.Startup
You are using the in-memory version of the persisted grant store. This will store consent decisions, authorization codes, refresh and reference tokens in memory only. If you are using any of those features in production, you want to switch to a different store implementation.
[09:22:13 Information] IdentityServer4.Startup
Using the default authentication scheme idsrv for IdentityServer
[09:22:13 Debug] IdentityServer4.Startup
Using idsrv as default ASP.NET Core scheme for authentication
[09:22:13 Debug] IdentityServer4.Startup
Using idsrv as default ASP.NET Core scheme for sign-in
[09:22:13 Debug] IdentityServer4.Startup
Using idsrv as default ASP.NET Core scheme for sign-out
[09:22:13 Debug] IdentityServer4.Startup
Using idsrv as default ASP.NET Core scheme for challenge
[09:22:13 Debug] IdentityServer4.Startup
Using idsrv as default ASP.NET Core scheme for forbid
[09:22:15 Debug] IdentityServer4.Startup
Login Url: /Account/Login
[09:22:15 Debug] IdentityServer4.Startup
Login Return Url Parameter: ReturnUrl
[09:22:15 Debug] IdentityServer4.Startup
Logout Url: /Account/Logout
[09:22:15 Debug] IdentityServer4.Startup
ConsentUrl Url: /consent
[09:22:15 Debug] IdentityServer4.Startup
Consent Return Url Parameter: returnUrl
[09:22:15 Debug] IdentityServer4.Startup
Error Url: /home/error
[09:22:15 Debug] IdentityServer4.Startup
Error Id Parameter: errorId
[09:22:15 Debug] IdentityServer4.Hosting.EndpointRouter
Request path /.well-known/openid-configuration matched to endpoint type Discovery
[09:22:15 Debug] IdentityServer4.Hosting.EndpointRouter
Endpoint enabled: Discovery, successfully created handler: IdentityServer4.Endpoints.DiscoveryEndpoint
[09:22:15 Information] IdentityServer4.Hosting.IdentityServerMiddleware
Invoking IdentityServer endpoint: IdentityServer4.Endpoints.DiscoveryEndpoint for /.well-known/openid-configuration
[09:22:15 Debug] IdentityServer4.Endpoints.DiscoveryEndpoint
Start discovery request
[09:22:29 Debug] IdentityServer4.Hosting.EndpointRouter
Request path /connect/authorize matched to endpoint type Authorize
[09:22:29 Debug] IdentityServer4.Hosting.EndpointRouter
Endpoint enabled: Authorize, successfully created handler: IdentityServer4.Endpoints.AuthorizeEndpoint
[09:22:29 Information] IdentityServer4.Hosting.IdentityServerMiddleware
Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeEndpoint for /connect/authorize
[09:22:29 Debug] IdentityServer4.Endpoints.AuthorizeEndpoint
Start authorize request
[09:22:30 Debug] IdentityServer4.Endpoints.AuthorizeEndpoint
No user present in authorize request
[09:22:30 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Start authorize request protocol validation
[09:22:30 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client f26ee5d6-de33-4375-bc79-54550efa43d9.local.app succeeded.
[09:22:30 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Checking for PKCE parameters
[09:22:30 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
No PKCE used.
[09:22:30 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator
[09:22:30 Debug] IdentityServer4.Endpoints.AuthorizeEndpoint
ValidatedAuthorizeRequest
{"ClientId": "f26ee5d6-de33-4375-bc79-54550efa43d9.local.app", "ClientName": "Postman", "RedirectUri": "https://www.getpostman.com/oauth2/callback", "AllowedRedirectUris": ["https://www.getpostman.com/oauth2/callback"], "SubjectId": "anonymous", "ResponseType": "code", "ResponseMode": "query", "GrantType": "authorization_code", "RequestedScopes": "openid profile", "State": null, "UiLocales": null, "Nonce": null, "AuthenticationContextReferenceClasses": null, "DisplayMode": null, "PromptMode": null, "MaxAge": null, "LoginHint": null, "SessionId": null, "Raw": {"response_type": "code", "state": "", "client_id": "f26ee5d6-de33-4375-bc79-54550efa43d9.local.app", "scope": "openid profile", "redirect_uri": "https://www.getpostman.com/oauth2/callback"}, "$type": "AuthorizeRequestValidationLog"}
[09:22:30 Information] IdentityServer4.ResponseHandling.AuthorizeInteractionResponseGenerator
Showing login: User is not authenticated
[09:22:30 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Start authorize request protocol validation
[09:22:30 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client f26ee5d6-de33-4375-bc79-54550efa43d9.local.app succeeded.
[09:22:30 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Checking for PKCE parameters
[09:22:30 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
No PKCE used.
[09:22:30 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator
[09:22:30 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client f26ee5d6-de33-4375-bc79-54550efa43d9.local.app succeeded.
[09:22:39 Debug] IdentityServer4.Hosting.CorsPolicyProvider
CORS request made for path: /Account/Login from origin: null but was ignored because path was not for an allowed IdentityServer CORS endpoint
[09:22:39 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Start authorize request protocol validation
[09:22:39 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client f26ee5d6-de33-4375-bc79-54550efa43d9.local.app succeeded.
[09:22:39 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Checking for PKCE parameters
[09:22:39 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
No PKCE used.
[09:22:39 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator
[09:22:39 Debug] IdentityServer4.Hosting.IdentityServerAuthenticationService
Augmenting SignInContext
[09:22:39 Debug] IdentityServer4.Hosting.IdentityServerAuthenticationService
Adding idp claim with value: local
[09:22:39 Debug] IdentityServer4.Hosting.IdentityServerAuthenticationService
Adding amr claim with value: pwd
[09:22:39 Information] Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler
AuthenticationScheme: idsrv signed in.
[09:22:39 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client f26ee5d6-de33-4375-bc79-54550efa43d9.local.app succeeded.
[09:22:39 Debug] IdentityServer4.Hosting.EndpointRouter
Request path /connect/authorize/callback matched to endpoint type Authorize
[09:22:39 Debug] IdentityServer4.Hosting.EndpointRouter
Endpoint enabled: Authorize, successfully created handler: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint
[09:22:39 Information] IdentityServer4.Hosting.IdentityServerMiddleware
Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint for /connect/authorize/callback
[09:22:39 Debug] IdentityServer4.Endpoints.AuthorizeCallbackEndpoint
Start authorize callback request
[09:22:39 Debug] IdentityServer4.Endpoints.AuthorizeCallbackEndpoint
No user present in authorize request
[09:22:39 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Start authorize request protocol validation
[09:22:39 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client f26ee5d6-de33-4375-bc79-54550efa43d9.local.app succeeded.
[09:22:39 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Checking for PKCE parameters
[09:22:39 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
No PKCE used.
[09:22:39 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator
[09:22:39 Debug] IdentityServer4.Endpoints.AuthorizeCallbackEndpoint
ValidatedAuthorizeRequest
{"ClientId": "f26ee5d6-de33-4375-bc79-54550efa43d9.local.app", "ClientName": "Postman", "RedirectUri": "https://www.getpostman.com/oauth2/callback", "AllowedRedirectUris": ["https://www.getpostman.com/oauth2/callback"], "SubjectId": "anonymous", "ResponseType": "code", "ResponseMode": "query", "GrantType": "authorization_code", "RequestedScopes": "openid profile", "State": null, "UiLocales": null, "Nonce": null, "AuthenticationContextReferenceClasses": null, "DisplayMode": null, "PromptMode": null, "MaxAge": null, "LoginHint": null, "SessionId": null, "Raw": {"response_type": "code", "state": "", "client_id": "f26ee5d6-de33-4375-bc79-54550efa43d9.local.app", "scope": "openid profile", "redirect_uri": "https://www.getpostman.com/oauth2/callback"}, "$type": "AuthorizeRequestValidationLog"}
[09:22:39 Information] IdentityServer4.ResponseHandling.AuthorizeInteractionResponseGenerator
Showing login: User is not authenticated
[09:22:39 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Start authorize request protocol validation
[09:22:39 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client f26ee5d6-de33-4375-bc79-54550efa43d9.local.app succeeded.
[09:22:39 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Checking for PKCE parameters
[09:22:39 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
No PKCE used.
[09:22:39 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator
[09:22:39 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client f26ee5d6-de33-4375-bc79-54550efa43d9.local.app succeeded.
[09:22:46 Debug] IdentityServer4.Hosting.CorsPolicyProvider
CORS request made for path: /Account/Login from origin: null but was ignored because path was not for an allowed IdentityServer CORS endpoint
[09:22:46 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Start authorize request protocol validation
[09:22:46 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client f26ee5d6-de33-4375-bc79-54550efa43d9.local.app succeeded.
[09:22:46 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Checking for PKCE parameters
[09:22:46 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
No PKCE used.
[09:22:46 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator
[09:22:46 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Start authorize request protocol validation
[09:22:46 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client f26ee5d6-de33-4375-bc79-54550efa43d9.local.app succeeded.
[09:22:46 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Checking for PKCE parameters
[09:22:46 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
No PKCE used.
[09:22:46 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator
[09:22:46 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client f26ee5d6-de33-4375-bc79-54550efa43d9.local.app succeeded.