OAuth2 с Postman и IdentityServer4 - PullRequest
/ 20 февраля 2020

Я пытаюсь пройти аутентификацию из Postman на моём IdentityServer4. Это работало с .NET Core 2, но недавно я обновился до .NET Core 3 и адаптировал код. Страница входа открывается, я могу войти, но после этого меня не перенаправляет как положено: я остаюсь на странице входа, и при каждом нажатии кнопки «Войти» снова попадаю на неё же, то есть получается цикл.

Сначала приведу свои настройки Postman

enter image description here

Когда я нажимаю «Request Token», я получаю эту страницу

enter image description here

Так что мой логин и пароль верны, но я продолжаю цикл на этой странице.

Вот мой код:

using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

namespace Oyg.IdentityServer
{
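    /// <summary>
    /// Wires up the IdentityServer4 host: service registration in
    /// <see cref="ConfigureServices"/> and the HTTP pipeline in <see cref="Configure"/>.
    /// </summary>
    /// <remarks>
    /// Everything registered here is development-grade: in-memory resources and
    /// clients, test users and a developer signing key. None of it is gated on the
    /// environment, so this class must not be deployed unchanged outside a local
    /// or test setup.
    /// </remarks>
    public class Startup
    {
        /// <summary>
        /// Hosting environment supplied by the host; <see cref="Configure"/> reads it
        /// to decide whether the developer exception page is enabled.
        /// </summary>
        public IWebHostEnvironment Environment { get; }

        /// <summary>Stores the hosting environment for later use.</summary>
        /// <param name="environment">Environment the application is running in.</param>
        public Startup(IWebHostEnvironment environment)
        {
            Environment = environment;
        }

        /// <summary>
        /// Registers MVC and IdentityServer with in-memory configuration taken from
        /// <c>Config</c>.
        /// </summary>
        /// <param name="services">Service collection to add the registrations to.</param>
        public void ConfigureServices(IServiceCollection services)
        {
            // MVC controllers and views; the default controller route is mapped in Configure.
            services.AddControllersWithViews();

            services.AddIdentityServer()
                .AddInMemoryIdentityResources(Config.GetIdentityResources())
                .AddInMemoryApiResources(Config.GetApiResources())
                .AddInMemoryClients(Config.GetClients())
                // Development only. The developer signing credential is registered exactly
                // once: a second AddDeveloperSigningCredential() call with default arguments
                // (persistKey defaults to true) would write a key file to disk and contradict
                // the persistKey: false chosen here. With persistKey: false a new key is
                // created on every start, so tokens issued before a restart stop validating.
                // Production needs real key material kept in a secure store.
                .AddDeveloperSigningCredential(persistKey: false)
                // Test users are fixed, well-known accounts: development only.
                .AddTestUsers(Config.GetUsers());
        }

        /// <summary>Builds the HTTP request pipeline.</summary>
        /// <param name="app">Application builder the middleware is added to.</param>
        public void Configure(IApplicationBuilder app)
        {
            // Detailed exception pages disclose internals, so they stay limited to Development.
            if (Environment.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            app.UseStaticFiles();
            app.UseRouting();

            // Placed after routing and before authorization; UseIdentityServer also adds
            // the authentication middleware, so UseAuthentication is not called separately.
            app.UseIdentityServer();

            app.UseAuthorization();
            app.UseEndpoints(endpoints =>
            {
                endpoints.MapDefaultControllerRoute();
            });
        }
    }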
}

И я также дам вам часть моей конфигурации

/// <summary>
/// Returns the in-memory client registrations: a single "Postman" client that
/// uses the authorization code grant.
/// </summary>
/// <returns>A list containing the Postman client definition.</returns>
public static IEnumerable<Client> GetClients()
        {
            // Both lifetimes below are one day in seconds. That is far longer than the
            // IdentityServer4 defaults (300 s identity token, 3600 s access token), so a
            // leaked token stays usable for a long time; shorten outside local testing.
            const int oneDayInSeconds = 60 * 60 * 24;
            const string postmanOrigin = "https://www.getpostman.com";

            var postmanClient = new Client
            {
                Enabled = true,
                ClientName = "Postman",
                // Public identifier, partly masked in this listing.
                ClientId = "f26ee5d6-****.local.app",

                // Authorization code grant. RequirePkce is not set on this client;
                // NOTE(review): enable it once the calling tool can send a code challenge.
                AllowedGrantTypes = GrantTypes.Code,
                // Lets the client request refresh tokens (offline_access).
                AllowOfflineAccess = true,
                IdentityTokenLifetime = oneDayInSeconds,
                AccessTokenLifetime = oneDayInSeconds,

                // Exact-match allow-list for where the authorization response may be sent.
                RedirectUris = new List<string>
                {
                    "https://www.getpostman.com/oauth2/callback"
                },
                PostLogoutRedirectUris = new List<string> { postmanOrigin },
                AllowedCorsOrigins = new List<string> { postmanOrigin },

                // NOTE(review): confirm "api" and "roles" match scope names actually
                // registered through Config.GetApiResources()/GetIdentityResources().
                AllowedScopes =
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile,
                    "api",
                    "roles"
                },

                // Sha256() stores a hash of the secret in the client record, but the
                // plain value is still hard-coded here and trivially guessable. Treat it
                // as a local-test placeholder; real secrets belong in a secret store.
                ClientSecrets = new List<Secret>
                {
                    new Secret("123456".Sha256())
                },

                // NOTE(review): this permits tokens on the front channel; the code grant
                // returns them from the token endpoint, so it is presumably unnecessary.
                AllowAccessTokensViaBrowser = true,
                // No consent screen is shown for this client.
                RequireConsent = false,
                EnableLocalLogin = true
            };

            return new List<Client> { postmanClient };
        }

И я могу дать вам это также

{
"issuer": "https://localhost:44367",
"jwks_uri": "https://localhost:44367/.well-known/openid-configuration/jwks",
"authorization_endpoint": "https://localhost:44367/connect/authorize",
"token_endpoint": "https://localhost:44367/connect/token",
"userinfo_endpoint": "https://localhost:44367/connect/userinfo",
"end_session_endpoint": "https://localhost:44367/connect/endsession",
"check_session_iframe": "https://localhost:44367/connect/checksession",
"revocation_endpoint": "https://localhost:44367/connect/revocation",
"introspection_endpoint": "https://localhost:44367/connect/introspect",
"device_authorization_endpoint": "https://localhost:44367/connect/deviceauthorization",
"frontchannel_logout_supported": true,
"frontchannel_logout_session_supported": true,
"backchannel_logout_supported": true,
"backchannel_logout_session_supported": true,
"scopes_supported": [
"openid",
"profile",
"roles",
"oygapi",
"offline_access"
],
"claims_supported": [
"sub",
"name",
"family_name",
"given_name",
"middle_name",
"nickname",
"preferred_username",
"profile",
"picture",
"website",
"gender",
"birthdate",
"zoneinfo",
"locale",
"updated_at",
"role"
],
"grant_types_supported": [
"authorization_code",
"client_credentials",
"refresh_token",
"implicit",
"password",
"urn:ietf:params:oauth:grant-type:device_code"
],
"response_types_supported": [
"code",
"token",
"id_token",
"id_token token",
"code id_token",
"code token",
"code id_token token"
],
"response_modes_supported": [
"form_post",
"query",
"fragment"
],
"token_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"subject_types_supported": [
"public"
],
"code_challenge_methods_supported": [
"plain",
"S256"
],
"request_parameter_supported": true
}

И журналы, как было запрошено:

[09:22:07 Information]
Starting host...

[09:22:13 Information] IdentityServer4.Startup
Starting IdentityServer4 version 3.0.1.0

[09:22:13 Information] IdentityServer4.Startup
You are using the in-memory version of the persisted grant store. This will store consent decisions, authorization codes, refresh and reference tokens in memory only. If you are using any of those features in production, you want to switch to a different store implementation.

[09:22:13 Information] IdentityServer4.Startup
Using the default authentication scheme idsrv for IdentityServer

[09:22:13 Debug] IdentityServer4.Startup
Using idsrv as default ASP.NET Core scheme for authentication

[09:22:13 Debug] IdentityServer4.Startup
Using idsrv as default ASP.NET Core scheme for sign-in

[09:22:13 Debug] IdentityServer4.Startup
Using idsrv as default ASP.NET Core scheme for sign-out

[09:22:13 Debug] IdentityServer4.Startup
Using idsrv as default ASP.NET Core scheme for challenge

[09:22:13 Debug] IdentityServer4.Startup
Using idsrv as default ASP.NET Core scheme for forbid

[09:22:15 Debug] IdentityServer4.Startup
Login Url: /Account/Login

[09:22:15 Debug] IdentityServer4.Startup
Login Return Url Parameter: ReturnUrl

[09:22:15 Debug] IdentityServer4.Startup
Logout Url: /Account/Logout

[09:22:15 Debug] IdentityServer4.Startup
ConsentUrl Url: /consent

[09:22:15 Debug] IdentityServer4.Startup
Consent Return Url Parameter: returnUrl

[09:22:15 Debug] IdentityServer4.Startup
Error Url: /home/error

[09:22:15 Debug] IdentityServer4.Startup
Error Id Parameter: errorId

[09:22:15 Debug] IdentityServer4.Hosting.EndpointRouter
Request path /.well-known/openid-configuration matched to endpoint type Discovery

[09:22:15 Debug] IdentityServer4.Hosting.EndpointRouter
Endpoint enabled: Discovery, successfully created handler: IdentityServer4.Endpoints.DiscoveryEndpoint

[09:22:15 Information] IdentityServer4.Hosting.IdentityServerMiddleware
Invoking IdentityServer endpoint: IdentityServer4.Endpoints.DiscoveryEndpoint for /.well-known/openid-configuration

[09:22:15 Debug] IdentityServer4.Endpoints.DiscoveryEndpoint
Start discovery request

[09:22:29 Debug] IdentityServer4.Hosting.EndpointRouter
Request path /connect/authorize matched to endpoint type Authorize

[09:22:29 Debug] IdentityServer4.Hosting.EndpointRouter
Endpoint enabled: Authorize, successfully created handler: IdentityServer4.Endpoints.AuthorizeEndpoint

[09:22:29 Information] IdentityServer4.Hosting.IdentityServerMiddleware
Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeEndpoint for /connect/authorize

[09:22:29 Debug] IdentityServer4.Endpoints.AuthorizeEndpoint
Start authorize request

[09:22:30 Debug] IdentityServer4.Endpoints.AuthorizeEndpoint
No user present in authorize request

[09:22:30 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Start authorize request protocol validation

[09:22:30 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client f26ee5d6-de33-4375-bc79-54550efa43d9.local.app succeeded.

[09:22:30 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Checking for PKCE parameters

[09:22:30 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
No PKCE used.

[09:22:30 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator

[09:22:30 Debug] IdentityServer4.Endpoints.AuthorizeEndpoint
ValidatedAuthorizeRequest
{"ClientId": "f26ee5d6-de33-4375-bc79-54550efa43d9.local.app", "ClientName": "Postman", "RedirectUri": "https://www.getpostman.com/oauth2/callback", "AllowedRedirectUris": ["https://www.getpostman.com/oauth2/callback"], "SubjectId": "anonymous", "ResponseType": "code", "ResponseMode": "query", "GrantType": "authorization_code", "RequestedScopes": "openid profile", "State": null, "UiLocales": null, "Nonce": null, "AuthenticationContextReferenceClasses": null, "DisplayMode": null, "PromptMode": null, "MaxAge": null, "LoginHint": null, "SessionId": null, "Raw": {"response_type": "code", "state": "", "client_id": "f26ee5d6-de33-4375-bc79-54550efa43d9.local.app", "scope": "openid profile", "redirect_uri": "https://www.getpostman.com/oauth2/callback"}, "$type": "AuthorizeRequestValidationLog"}

[09:22:30 Information] IdentityServer4.ResponseHandling.AuthorizeInteractionResponseGenerator
Showing login: User is not authenticated

[09:22:30 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Start authorize request protocol validation

[09:22:30 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client f26ee5d6-de33-4375-bc79-54550efa43d9.local.app succeeded.

[09:22:30 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Checking for PKCE parameters

[09:22:30 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
No PKCE used.

[09:22:30 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator

[09:22:30 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client f26ee5d6-de33-4375-bc79-54550efa43d9.local.app succeeded.

[09:22:39 Debug] IdentityServer4.Hosting.CorsPolicyProvider
CORS request made for path: /Account/Login from origin: null but was ignored because path was not for an allowed IdentityServer CORS endpoint

[09:22:39 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Start authorize request protocol validation

[09:22:39 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client f26ee5d6-de33-4375-bc79-54550efa43d9.local.app succeeded.

[09:22:39 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Checking for PKCE parameters

[09:22:39 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
No PKCE used.

[09:22:39 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator

[09:22:39 Debug] IdentityServer4.Hosting.IdentityServerAuthenticationService
Augmenting SignInContext

[09:22:39 Debug] IdentityServer4.Hosting.IdentityServerAuthenticationService
Adding idp claim with value: local

[09:22:39 Debug] IdentityServer4.Hosting.IdentityServerAuthenticationService
Adding amr claim with value: pwd

[09:22:39 Information] Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler
AuthenticationScheme: idsrv signed in.

[09:22:39 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client f26ee5d6-de33-4375-bc79-54550efa43d9.local.app succeeded.

[09:22:39 Debug] IdentityServer4.Hosting.EndpointRouter
Request path /connect/authorize/callback matched to endpoint type Authorize

[09:22:39 Debug] IdentityServer4.Hosting.EndpointRouter
Endpoint enabled: Authorize, successfully created handler: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint

[09:22:39 Information] IdentityServer4.Hosting.IdentityServerMiddleware
Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint for /connect/authorize/callback

[09:22:39 Debug] IdentityServer4.Endpoints.AuthorizeCallbackEndpoint
Start authorize callback request

[09:22:39 Debug] IdentityServer4.Endpoints.AuthorizeCallbackEndpoint
No user present in authorize request

[09:22:39 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Start authorize request protocol validation

[09:22:39 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client f26ee5d6-de33-4375-bc79-54550efa43d9.local.app succeeded.

[09:22:39 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Checking for PKCE parameters

[09:22:39 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
No PKCE used.

[09:22:39 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator

[09:22:39 Debug] IdentityServer4.Endpoints.AuthorizeCallbackEndpoint
ValidatedAuthorizeRequest
{"ClientId": "f26ee5d6-de33-4375-bc79-54550efa43d9.local.app", "ClientName": "Postman", "RedirectUri": "https://www.getpostman.com/oauth2/callback", "AllowedRedirectUris": ["https://www.getpostman.com/oauth2/callback"], "SubjectId": "anonymous", "ResponseType": "code", "ResponseMode": "query", "GrantType": "authorization_code", "RequestedScopes": "openid profile", "State": null, "UiLocales": null, "Nonce": null, "AuthenticationContextReferenceClasses": null, "DisplayMode": null, "PromptMode": null, "MaxAge": null, "LoginHint": null, "SessionId": null, "Raw": {"response_type": "code", "state": "", "client_id": "f26ee5d6-de33-4375-bc79-54550efa43d9.local.app", "scope": "openid profile", "redirect_uri": "https://www.getpostman.com/oauth2/callback"}, "$type": "AuthorizeRequestValidationLog"}

[09:22:39 Information] IdentityServer4.ResponseHandling.AuthorizeInteractionResponseGenerator
Showing login: User is not authenticated

[09:22:39 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Start authorize request protocol validation

[09:22:39 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client f26ee5d6-de33-4375-bc79-54550efa43d9.local.app succeeded.

[09:22:39 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Checking for PKCE parameters

[09:22:39 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
No PKCE used.

[09:22:39 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator

[09:22:39 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client f26ee5d6-de33-4375-bc79-54550efa43d9.local.app succeeded.

[09:22:46 Debug] IdentityServer4.Hosting.CorsPolicyProvider
CORS request made for path: /Account/Login from origin: null but was ignored because path was not for an allowed IdentityServer CORS endpoint

[09:22:46 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Start authorize request protocol validation

[09:22:46 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client f26ee5d6-de33-4375-bc79-54550efa43d9.local.app succeeded.

[09:22:46 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Checking for PKCE parameters

[09:22:46 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
No PKCE used.

[09:22:46 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator

[09:22:46 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Start authorize request protocol validation

[09:22:46 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client f26ee5d6-de33-4375-bc79-54550efa43d9.local.app succeeded.

[09:22:46 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Checking for PKCE parameters

[09:22:46 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
No PKCE used.

[09:22:46 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator

[09:22:46 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client f26ee5d6-de33-4375-bc79-54550efa43d9.local.app succeeded.
