在客户端应用程序中使用OpenIdConnect的Invalid_client [英] Invalid_client using OpenIdConnect in client application

问题描述

我有一个运行ASP.NET Identity的IdentityServer4应用程序.我想使用它，以便来自其他应用程序的用户可以通过我的远程身份服务器登录.

I have an IdentityServer4 application running with ASP.NET Identity. I want to use that so users from another application can login through my remote identity server.

我已在身份服务器中为客户端应用程序配置了以下设置(仅显示相关设置):

I have configured a client application in identity server with the following settings (showing only relevant settings):

ClientId: mvc
ProtocolType: oidc
ClientSecret: K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=

(URLs to client app)
RedirectUri: https://localhost:44313/signin-oidc
PostLogoutRedirectUri: https://localhost:44313/signout-callback-oidc

GrantType: Hybrid

我的客户端应用程序(服务器端Blazor应用程序)在Startup.cs中配置了以下设置.

My client application (server side Blazor app) has the following settings configured in Startup.cs.

        // Add authentication
        services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
        .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
        {
            options.RequireHttpsMetadata = false;
            options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.Authority = "http://localhost:5000/"; // local identity server url
            options.ClientId = "mvc";
            options.ClientSecret = "K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=";
            options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
            options.SaveTokens = true;
            options.GetClaimsFromUserInfoEndpoint = true;
            options.Scope.Add("profile openid web_api");
        });

启动客户端应用程序后，我将重定向到我的IdentityServer登录页面.然后，我可以使用用户名和密码登录.登录后，我将被重定向回我的客户端应用程序https://localhost:44313/signin-oidc.

When I start my client app, I then get redirect to my IdentityServer login page. I can then login with a username and password. When I login I then get redirected back to my client application https://localhost:44313/signin-oidc.

但随后在该页面上出现以下错误:

But then I get the following error on that page:

OpenIdConnectProtocolException:消息包含错误: 'invalid_client'，错误说明:'error_description为空'， error_uri:"error_uri为空".

OpenIdConnectProtocolException: Message contains error: 'invalid_client', error_description: 'error_description is null', error_uri: 'error_uri is null'.

在我看来，我使用的是正确的ClientId?

To me it looks like I am using the correct ClientId?

我做错了什么?

推荐答案

ClientSecret 应该包含未加密的值.看看文档

ClientSecret should contain the unencrypted value. Take a look at the documentation.

在您的情况下秘密.

options.ClientSecret = "secret";

我没有进一步看，所以如果此更改不能解决问题，请告诉我.

I didn't look further, so if this change doesn't solve it then please let me know.

这篇关于在客户端应用程序中使用OpenIdConnect的Invalid_client的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！