OpenIddict:使用AddDevelopmentSigningCertificate() [英] OpenIddict: Using AddDevelopmentSigningCertificate()

问题描述

我使用带有隐式流的OpenIddict使用DefaultIdentity创建了一个Asp.Net Core 2.2应用程序.该应用程序在Docker容器中运行. 我正在尝试为我的开发环境使用AddDevelopmentSigningCertificate()选项.

I created an Asp.Net Core 2.2 application with DefaultIdentity using OpenIddict with the Implicit flow. This application runs in a Docker container. I am trying to use the AddDevelopmentSigningCertificate() option for my development environment.

 services.AddOpenIddict()
                .AddCore(options =>
                {
                    options.UseEntityFrameworkCore()
                           .UseDbContext<ApplicationDbContext>();
                })
                .AddServer(options =>
                {
                    options.UseMvc();
             options.EnableAuthorizationEndpoint("/connect/authorize");
             options.RegisterScopes(OpenIdConnectConstants.Scopes.Email, OpenIdConnectConstants.Scopes.Profile, OpenIddictConstants.Scopes.Roles);
                    options.AllowImplicitFlow();
                    options.DisableHttpsRequirement();
                    options.AddDevelopmentSigningCertificate();
                    options.UseJsonWebTokens();
                })
                .AddValidation();

然后，我有一个也在Docker容器中运行的Asp.Net Core 2.2 Web API应用程序.我正在通过Swashbuckle和JWT承载身份验证使用Swagger.

Then I have an Asp.Net Core 2.2 Web API application also running in a Docker container. I am using Swagger via Swashbuckle and JWT Bearer Authentication.

            JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
            JwtSecurityTokenHandler.DefaultOutboundClaimTypeMap.Clear();

            services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;

            }).AddJwtBearer(options =>
            {
                options.Authority = identityUrl;
                options.RequireHttpsMetadata = false;
                options.Audience = "supplier-service";
            });

(identityUrl是Authorization Server Docker容器的Url)

(identityUrl is the Url of the Authorization Server Docker container)

但是我遇到以下错误:

Microsoft.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException:IDX10501:签名验证失败.无法匹配密钥: 小子:"[PII隐藏]"， 令牌:"[PII隐藏]".

Microsoft.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException: IDX10501: Signature validation failed. Unable to match keys: kid: '[PII is hidden]', token: '[PII is hidden]'.

我想念什么或做错什么了?

What am I missing or what am I doing wrong?

推荐答案

AddJwtBearer的Authority选项的URL错误. 如果有人收到相同的误导性错误消息.

The url for the Authority option of the AddJwtBearer was wrong. In case somebody gets the same misleading error message.

这篇关于OpenIddict:使用AddDevelopmentSigningCertificate()的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！