IdentityServer4 (Azure) + SPA (локальный) - застревает в бесконечном цикле перенаправления при входе в систему - PullRequest
/ 01 июля 2019

Вопрос / Шаги по воспроизведению проблемы

  • У меня развернут сервер идентификации в Azure, который используется локальным клиентом SPA
  • Когда я вхожу в свой SPA, он перенаправляет меня на страницу входа
  • После успешного входа он перенаправит меня к клиенту SPA и продолжит запрашивать другой набор токенов. По сути, это бесконечный цикл, о котором я говорю.
  • У меня есть automaticRenewToken: true, поэтому он тихо обновляет токены в фоновом режиме.
  • Все отлично работает, когда у меня есть локальный сервер и identity-сервер, и клиент SPA
  • НО когда сервер идентификации развернут в Azure, а клиент SPA запущен на моем локальном компьютере, возникает именно эта проблема.
  • Сервер идентификации и клиент SPA используют https

Минимальный рабочий пример

Мой ProfileService

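public class ProfileService : IProfileService
    {
        private readonly UserManager<UserAccount> userManager;
        private readonly ILogger<ProfileService> logger;

        /// <summary>
        /// Creates the profile service used by IdentityServer to issue claims and check account status.
        /// </summary>
        /// <param name="userManager">Store used to resolve the token subject to a <see cref="UserAccount"/>.</param>
        /// <param name="logger">Logger for diagnostics.</param>
        /// <exception cref="ArgumentNullException">Either dependency is null.</exception>
        public ProfileService(UserManager<UserAccount> userManager, ILogger<ProfileService> logger)
        {
            this.userManager = userManager ?? throw new ArgumentNullException(nameof(userManager));
            this.logger = logger ?? throw new ArgumentNullException(nameof(logger));
        }

        /// <summary>
        /// Adds the email / phone claims of the subject in <paramref name="context"/> to
        /// <see cref="ProfileDataRequestContext.IssuedClaims"/>.
        /// </summary>
        /// <param name="context">Profile request; its <c>Subject</c> is resolved via the user manager.</param>
        /// <remarks>
        /// When the subject does not map to an account nothing is issued; the original code would
        /// have thrown a NullReferenceException on <c>user.Email</c> instead. A phone-number claim is
        /// only issued when a phone number is stored, and an email claim only when an email is stored,
        /// because <see cref="Claim"/> rejects a null value.
        /// </remarks>
        public async Task GetProfileDataAsync(ProfileDataRequestContext context)
        {
            var user = await userManager.GetUserAsync(context.Subject);
            if (user == null)
            {
                return;
            }

            var claims = new List<Claim>();

            if (!string.IsNullOrEmpty(user.Email))
            {
                claims.Add(new Claim(JwtClaimTypes.Email, user.Email));
            }
            claims.Add(new Claim(JwtClaimTypes.EmailVerified, user.EmailConfirmed.ToString(), ClaimValueTypes.Boolean));

            if (!string.IsNullOrEmpty(user.PhoneNumber))
            {
                claims.Add(new Claim(JwtClaimTypes.PhoneNumber, user.PhoneNumber));
            }
            claims.Add(new Claim(JwtClaimTypes.PhoneNumberVerified, user.PhoneNumberConfirmed.ToString(), ClaimValueTypes.Boolean));

            context.IssuedClaims.AddRange(claims);
        }

        /// <summary>
        /// Marks the subject as active when it still resolves to an account.
        /// </summary>
        /// <param name="context">Activity check; <c>IsActive</c> is set to whether the account was found.</param>
        /// <remarks>
        /// The diagnostics stay at Warning level so they show up in the streamed log while the
        /// redirect loop is being investigated; lower them once it is resolved. Only the account id is
        /// logged: serializing the whole <see cref="UserAccount"/> wrote PasswordHash, SecurityStamp and
        /// ConcurrencyStamp into the log, which is a credential leak.
        /// </remarks>
        public async Task IsActiveAsync(IsActiveContext context)
        {
            var identity = context.Subject?.Identity;
            logger.LogWarning(
                "CHECKING IF ACTIVE: Identity.Name={Name} AuthenticationType={AuthenticationType} IsAuthenticated={IsAuthenticated}",
                identity?.Name,
                identity?.AuthenticationType,
                identity?.IsAuthenticated);

            var user = await userManager.GetUserAsync(context.Subject);

            logger.LogWarning("CHECKING USER: found={Found} id={UserId}", user != null, user?.Id);

            context.IsActive = user != null;
        }
    }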

Вот моя конфигурация пользовательского менеджера oidc-клиента

/* eslint-disable @typescript-eslint/camelcase */
import { createUserManager } from 'redux-oidc';
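const authority = process.env.REACT_APP_AUTHORITY_SERVER_URL;

// window.location.origin is scheme + host + port, and omits the port when it is the
// default one. Building the URL by hand from location.port produced "https://host:/callback"
// (empty port after the colon) whenever the app ran on 443/80, which never matches the
// redirect URI registered on the server and therefore fails the authorize request.
const origin = window.location.origin;

const settings = {
  // the user manager settings for oidc-client
  client_id: 'timekeeping.web.local',
  redirect_uri: `${origin}/callback`,
  // NOTE(review): 'id_token token' is the implicit flow (tokens returned in the URL fragment).
  // Authorization code + PKCE is the current recommendation for browser clients, but changing
  // it also requires changing the client registration on the server, so it is left as is.
  response_type: 'id_token token',
  scope: 'openid profile timekeeping.api accounts.api',
  // Read from the build environment; if unset, every request below goes to "undefined".
  authority,
  //post_logout_redirect_uri: `${origin}/login`,
  // Page loaded in a hidden iframe for silent renew; must be registered as a redirect URI too.
  silent_redirect_uri: `${origin}/oidc/silent_renew.html`,
  automaticSilentRenew: true,
  filterProtocolClaims: true,
  loadUserInfo: true
};

const userManager = createUserManager(settings);
export default userManager;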

Соответствующие части файла журнала

Вот лог из Kudu

2019-07-01T13:49:14  Welcome, you are now connected to log-streaming service.
2019-07-01 23:49:16.723 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: CHECKING IF ACTIVE
2019-07-01 23:49:16.735 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Identity.Name - johndong
2019-07-01 23:49:16.735 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Identity.AuthenticationType - IdentityServer4
2019-07-01 23:49:16.735 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Identity.IsAuthenticated - True
2019-07-01 23:49:16.775 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: CHECKING USER
2019-07-01 23:49:16.775 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Is user not null?  - True
2019-07-01 23:49:16.797 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: {"Firstname":"John","Middlename":"","Lastname":"Dong","Photo":null,"Id":"a0a0f58e-526c-4e4d-98cb-f03130175d31","UserName":"johndong","NormalizedUserName":"JOHNDONG","Email":"johndong@mailinator.com","NormalizedEmail":"JOHNDONG@MAILINATOR.COM","EmailConfirmed":true,"PasswordHash":"AQAAAAEAACcQAAAAENOUmj3zbZr/p0gtsPBoynBFom8zKRd8fUPlePCBHW9S3yUzfpAzOquRjP+d1fjPHQ==","SecurityStamp":"A4GAQC5JK3FCKWJZFUFLN27QAQJGV5F2","ConcurrencyStamp":"6e4d597b-f9b8-45a3-a123-fab051b44357","PhoneNumber":null,"PhoneNumberConfirmed":false,"TwoFactorEnabled":false,"LockoutEnd":null,"LockoutEnabled":true,"AccessFailedCount":0}
2019-07-01 23:49:18.812 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: CHECKING IF ACTIVE
2019-07-01 23:49:18.812 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Identity.Name -
2019-07-01 23:49:18.812 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Identity.AuthenticationType - tokenvalidator
2019-07-01 23:49:18.812 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Identity.IsAuthenticated - True
2019-07-01 23:49:18.833 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: CHECKING USER
2019-07-01 23:49:18.833 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Is user not null?  - True
2019-07-01 23:49:18.833 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: {"Firstname":"John","Middlename":"","Lastname":"Dong","Photo":null,"Id":"a0a0f58e-526c-4e4d-98cb-f03130175d31","UserName":"johndong","NormalizedUserName":"JOHNDONG","Email":"johndong@mailinator.com","NormalizedEmail":"JOHNDONG@MAILINATOR.COM","EmailConfirmed":true,"PasswordHash":"AQAAAAEAACcQAAAAENOUmj3zbZr/p0gtsPBoynBFom8zKRd8fUPlePCBHW9S3yUzfpAzOquRjP+d1fjPHQ==","SecurityStamp":"A4GAQC5JK3FCKWJZFUFLN27QAQJGV5F2","ConcurrencyStamp":"6e4d597b-f9b8-45a3-a123-fab051b44357","PhoneNumber":null,"PhoneNumberConfirmed":false,"TwoFactorEnabled":false,"LockoutEnd":null,"LockoutEnabled":true,"AccessFailedCount":0}
2019-07-01 23:49:18.846 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: CHECKING IF ACTIVE
2019-07-01 23:49:18.846 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Identity.Name -
2019-07-01 23:49:18.846 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Identity.AuthenticationType - UserInfo
2019-07-01 23:49:18.846 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Identity.IsAuthenticated - True
2019-07-01 23:49:18.846 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: CHECKING USER
2019-07-01 23:49:18.846 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Is user not null?  - True
2019-07-01 23:49:18.846 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: {"Firstname":"John","Middlename":"","Lastname":"Dong","Photo":null,"Id":"a0a0f58e-526c-4e4d-98cb-f03130175d31","UserName":"johndong","NormalizedUserName":"JOHNDONG","Email":"johndong@mailinator.com","NormalizedEmail":"JOHNDONG@MAILINATOR.COM","EmailConfirmed":true,"PasswordHash":"AQAAAAEAACcQAAAAENOUmj3zbZr/p0gtsPBoynBFom8zKRd8fUPlePCBHW9S3yUzfpAzOquRjP+d1fjPHQ==","SecurityStamp":"A4GAQC5JK3FCKWJZFUFLN27QAQJGV5F2","ConcurrencyStamp":"6e4d597b-f9b8-45a3-a123-fab051b44357","PhoneNumber":null,"PhoneNumberConfirmed":false,"TwoFactorEnabled":false,"LockoutEnd":null,"LockoutEnabled":true,"AccessFailedCount":0}
2019-07-01 23:49:21.507 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: CHECKING IF ACTIVE
2019-07-01 23:49:21.507 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Identity.Name - johndong
2019-07-01 23:49:21.507 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Identity.AuthenticationType - IdentityServer4
2019-07-01 23:49:21.507 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Identity.IsAuthenticated - True
2019-07-01 23:49:21.510 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: CHECKING USER
2019-07-01 23:49:21.510 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Is user not null?  - True
2019-07-01 23:49:21.510 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: {"Firstname":"John","Middlename":"","Lastname":"Dong","Photo":null,"Id":"a0a0f58e-526c-4e4d-98cb-f03130175d31","UserName":"johndong","NormalizedUserName":"JOHNDONG","Email":"johndong@mailinator.com","NormalizedEmail":"JOHNDONG@MAILINATOR.COM","EmailConfirmed":true,"PasswordHash":"AQAAAAEAACcQAAAAENOUmj3zbZr/p0gtsPBoynBFom8zKRd8fUPlePCBHW9S3yUzfpAzOquRjP+d1fjPHQ==","SecurityStamp":"A4GAQC5JK3FCKWJZFUFLN27QAQJGV5F2","ConcurrencyStamp":"6e4d597b-f9b8-45a3-a123-fab051b44357","PhoneNumber":null,"PhoneNumberConfirmed":false,"TwoFactorEnabled":false,"LockoutEnd":null,"LockoutEnabled":true,"AccessFailedCount":0}
2019-07-01 23:49:22.684 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: CHECKING IF ACTIVE
2019-07-01 23:49:22.684 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Identity.Name -
2019-07-01 23:49:22.684 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Identity.AuthenticationType - tokenvalidator
2019-07-01 23:49:22.685 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Identity.IsAuthenticated - True
2019-07-01 23:49:22.693 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: CHECKING USER
2019-07-01 23:49:22.693 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Is user not null?  - True
2019-07-01 23:49:22.693 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: {"Firstname":"John","Middlename":"","Lastname":"Dong","Photo":null,"Id":"a0a0f58e-526c-4e4d-98cb-f03130175d31","UserName":"johndong","NormalizedUserName":"JOHNDONG","Email":"johndong@mailinator.com","NormalizedEmail":"JOHNDONG@MAILINATOR.COM","EmailConfirmed":true,"PasswordHash":"AQAAAAEAACcQAAAAENOUmj3zbZr/p0gtsPBoynBFom8zKRd8fUPlePCBHW9S3yUzfpAzOquRjP+d1fjPHQ==","SecurityStamp":"A4GAQC5JK3FCKWJZFUFLN27QAQJGV5F2","ConcurrencyStamp":"6e4d597b-f9b8-45a3-a123-fab051b44357","PhoneNumber":null,"PhoneNumberConfirmed":false,"TwoFactorEnabled":false,"LockoutEnd":null,"LockoutEnabled":true,"AccessFailedCount":0}
2019-07-01 23:49:22.694 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: CHECKING IF ACTIVE
2019-07-01 23:49:22.694 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Identity.Name -
2019-07-01 23:49:22.694 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Identity.AuthenticationType - UserInfo
2019-07-01 23:49:22.694 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Identity.IsAuthenticated - True
2019-07-01 23:49:22.694 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: CHECKING USER
2019-07-01 23:49:22.694 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: Is user not null?  - True
2019-07-01 23:49:22.694 +10:00 [Warning] BizBox.Accounts.Infrastructure.IdentityServer.ProfileService: {"Firstname":"John","Middlename":"","Lastname":"Dong","Photo":null,"Id":"a0a0f58e-526c-4e4d-98cb-f03130175d31","UserName":"johndong","NormalizedUserName":"JOHNDONG","Email":"johndong@mailinator.com","NormalizedEmail":"JOHNDONG@MAILINATOR.COM","EmailConfirmed":true,"PasswordHash":"AQAAAAEAACcQAAAAENOUmj3zbZr/p0gtsPBoynBFom8zKRd8fUPlePCBHW9S3yUzfpAzOquRjP+d1fjPHQ==","SecurityStamp":"A4GAQC5JK3FCKWJZFUFLN27QAQJGV5F2","ConcurrencyStamp":"6e4d597b-f9b8-45a3-a123-fab051b44357","PhoneNumber":null,"PhoneNumberConfirmed":false,"TwoFactorEnabled":false,"LockoutEnd":null,"LockoutEnabled":true,"AccessFailedCount":0}
2019-07-01T13:51:14  No new trace in the past 1 min(s).
2019-07-01T13:52:14  No new trace in the past 2 min(s).
2019-07-01T13:53:14  No new trace in the past 3 min(s).
2019-07-01T13:54:14  No new trace in the past 4 min(s).
2019-07-01T13:55:14  No new trace in the past 5 min(s).
2019-07-01T13:56:14  No new trace in the past 6 min(s).
2019-07-01T13:57:14  No new trace in the past 7 min(s).
2019-07-01T13:58:14  No new trace in the past 8 min(s).
2019-07-01T13:59:14  No new trace in the past 9 min(s).
2019-07-01T14:00:14  No new trace in the past 10 min(s).


Вот сетевой журнал, в котором я видел сбой, когда возникала проблема бесконечного цикла.

Request URL: https://bizbox-accounts-dev.azurewebsites.net/connect/authorize?client_id=timekeeping.web.local&redirect_uri=https%3A%2F%2Flocalhost%3A3031%2Foidc%2Fsilent_renew.html&response_type=id_token&scope=openid&state=acd1d9d5980a491fb64df5df32c5ae6b&nonce=6b3295da819e4e9b928d5d93f2b2fa1d&prompt=none
Referrer Policy: no-referrer-when-downgrade
Provisional headers are shown
Referer: https://localhost:3031/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36
client_id: timekeeping.web.local
redirect_uri: https://localhost:3031/oidc/silent_renew.html
response_type: id_token
scope: openid
state: acd1d9d5980a491fb64df5df32c5ae6b
nonce: 6b3295da819e4e9b928d5d93f2b2fa1d
prompt: none
...