OpenIddict: Using AddDevelopmentSigningCertificate()

Problem description

I created an Asp.Net Core 2.2 application with DefaultIdentity using OpenIddict with the Implicit flow. This application runs in a Docker container. I am trying to use the AddDevelopmentSigningCertificate() option for my development environment.

    services.AddOpenIddict()
        .AddCore(options =>
        {
            options.UseEntityFrameworkCore()
                   .UseDbContext<ApplicationDbContext>();
        })
        .AddServer(options =>
        {
            options.UseMvc();
            options.EnableAuthorizationEndpoint("/connect/authorize");
            options.RegisterScopes(
                OpenIdConnectConstants.Scopes.Email,
                OpenIdConnectConstants.Scopes.Profile,
                OpenIddictConstants.Scopes.Roles);
            options.AllowImplicitFlow();
            options.DisableHttpsRequirement();
            options.AddDevelopmentSigningCertificate();
            options.UseJsonWebTokens();
        })
        .AddValidation();

Then I have an Asp.Net Core 2.2 Web API application also running in a Docker container. I am using Swagger via Swashbuckle and JWT Bearer Authentication.

    JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
    JwtSecurityTokenHandler.DefaultOutboundClaimTypeMap.Clear();

    services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    }).AddJwtBearer(options =>
    {
        options.Authority = identityUrl;
        options.RequireHttpsMetadata = false;
        options.Audience = "supplier-service";
    });

(identityUrl is the Url of the Authorization Server Docker container)

But I am getting the following error:

Microsoft.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException: IDX10501: Signature validation failed. Unable to match keys: kid: '[PII is hidden]', token: '[PII is hidden]'.

What am I missing or what am I doing wrong?

Recommended answer

The URL for the Authority option of the AddJwtBearer was wrong. In case somebody gets the same misleading error message.
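
The JwtBearer handler downloads its signing keys from the discovery document under Authority, so a wrong URL yields a key set that lacks the token's kid, which is what IDX10501 reports. The Python diagnostic below is an added example, not part of the original question or answer; the token, key ids and host names in it are constructed placeholders.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(obj: dict) -> str:
    """Encode a dict as an unpadded base64url JSON segment (sample data only)."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def diagnose(token: str, configured_authority: str, jwks: dict) -> list:
    """List reasons the API would fail to match the token's signing key.

    jwks is the key set behind the jwks_uri of the configured authority.
    The token is only decoded, never verified: use for debugging, not authz.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a compact JWS: expected 3 dot-separated segments"]
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    findings = []
    kid = header.get("kid")
    published = [key.get("kid") for key in jwks.get("keys", [])]
    if kid not in published:
        findings.append(f"kid {kid!r} not among published keys {published}")
    iss = str(claims.get("iss", "")).rstrip("/")
    if iss != configured_authority.rstrip("/"):
        findings.append(f"iss {iss!r} differs from Authority {configured_authority!r}")
    return findings


# Constructed sample data: host names, key ids and claims are placeholders.
TOKEN = ".".join([
    b64url_encode({"alg": "RS256", "typ": "JWT", "kid": "DEV-KEY-A"}),
    b64url_encode({"iss": "http://identity:5000/", "aud": "supplier-service"}),
    "c2lnbmF0dXJl",  # placeholder signature, not checked by this script
])
JWKS_WRONG_AUTHORITY = {"keys": [{"kty": "RSA", "kid": "OTHER-KEY-B"}]}
JWKS_RIGHT_AUTHORITY = {"keys": [{"kty": "RSA", "kid": "DEV-KEY-A"}]}

if __name__ == "__main__":
    for finding in diagnose(TOKEN, "http://localhost:5000", JWKS_WRONG_AUTHORITY):
        print(finding)
```

In a real setup, the key set to pass in is the one served at the jwks_uri listed in the configured Authority's /.well-known/openid-configuration document, fetched from inside the API container.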
