Я внедряю IdentityServer4 в качестве службы аутентификации для мобильного приложения, используя поток Authorization Code с PKCE. Вход в систему проходит успешно, но перенаправления не происходит: запрос зависает на /connect/authorize/callback, через некоторое время появляется ошибка 502 Bad Gateway, а последнее сообщение в журнале консоли — «Creating Authorization Code Flow response.».
Код:
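// IdentityServer4 registration for the mobile app: a public client using the
// authorization code flow with a custom-scheme redirect URI.
new Client
{
    ClientId = "app",
    ClientName = "App",
    AllowedGrantTypes = GrantTypes.Code,

    // A native app cannot keep a secret confidential, so none is required.
    RequireClientSecret = false,

    // With no client secret, PKCE is the only thing that binds the authorization
    // code to the app instance that started the flow. A custom URI scheme can be
    // claimed by another app on the device, so the code must not be redeemable
    // without the verifier. The authorize request in the log already sends
    // code_challenge with code_challenge_method=S256, so enforcing it here does
    // not change what the app has to send.
    RequirePkce = true,

    RequireConsent = false,

    // Exact-match redirect target; the authorize request must use this value.
    RedirectUris = { "net.websites.example-site://oauth2redirect" },

    // These scopes can be used by this client.
    AllowedScopes =
    {
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile,
        IdentityServerConstants.StandardScopes.Email,
        "api",
    },

    // Lifetimes are in seconds (7200 = 2 hours). These are Client properties,
    // not scopes, so they belong outside the AllowedScopes initializer.
    // NOTE(review): 2 hours is long for an identity token; confirm it is intended.
    AccessTokenLifetime = 7200,
    IdentityTokenLifetime = 7200,
}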
Журнал:
[16:50:55 INF] Request starting HTTP/1.1 GET http://localhost:5000/connect/authorize/callback?nonce=ckf7_szTJaEwCT6TbQXCPuUmqt7L71hyrttk7t91fys&response_type=code&code_challenge_method=S256&scope=openid%20profile%20email%20api&code_challenge=G7W07PUgQozuiLN92tJFY5bKrMryBlXoR00qY1lHac4&redirect_uri=net.websites.example-site%3A%2F%2Foauth2redirect&client_id=app&state=OfdtNuzqL60F0vvkys-s_k_kch9wGiifB8i-IzHxRw0
[16:50:55 INF] No cached response available for this request.
[16:50:55 INF] AuthenticationScheme: Identity.Application was successfully authenticated.
[16:50:55 INF] AuthenticationScheme: Identity.Application was successfully authenticated.
[16:50:55 INF] AuthenticationScheme: Identity.Application was successfully authenticated.
[16:50:55 DBG] Request path /connect/authorize/callback matched to endpoint type Authorize
[16:50:55 DBG] Endpoint enabled: Authorize, successfully created handler: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint
[16:50:55 INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint for /connect/authorize/callback
[16:50:55 DBG] Start authorize callback request
[16:50:55 DBG] User in authorize request: 87882d3f-3802-4db4-be2a-e85bb97f05c1
[16:50:55 DBG] Start authorize request protocol validation
[16:50:55 DBG] Checking for PKCE parameters
[16:50:55 INF] ValidatedAuthorizeRequest
{
"ClientId": "app",
"ClientName": "App",
"RedirectUri": "net.websites.example-site://oauth2redirect",
"AllowedRedirectUris": [
"net.websites.example-site://oauth2redirect"
],
"SubjectId": "87882d3f-3802-4db4-be2a-e85bb97f05c1",
"ResponseType": "code",
"ResponseMode": "query",
"GrantType": "authorization_code",
"RequestedScopes": "openid profile email api",
"State": "OfdtNuzqL60F0vvkys-s_k_kch9wGiifB8i-IzHxRw0",
"Nonce": "ckf7_szTJaEwCT6TbQXCPuUmqt7L71hyrttk7t91fys",
"SessionId": "bcd41f50110a7bd67eac99168d969ad4",
"Raw": {
"nonce": "ckf7_szTJaEwCT6TbQXCPuUmqt7L71hyrttk7t91fys",
"response_type": "code",
"code_challenge_method": "S256",
"scope": "openid profile email api",
"code_challenge": "G7W07PUgQozuiLN92tJFY5bKrMryBlXoR00qY1lHac4",
"redirect_uri": "net.websites.example-site://oauth2redirect",
"client_id": "app",
"state": "OfdtNuzqL60F0vvkys-s_k_kch9wGiifB8i-IzHxRw0"
}
}
[16:50:55 DBG] Client is configured to not require consent, no consent is required
[16:50:55 DBG] Creating Authorization Code Flow response.