No user in signinSilentCallback using identityserver and oidc client of javascript

Problem description

I am getting user undefined in the following code.

I have already authenticated the user from MVC.

But when I use signinSilentCallback to get the details of that user, it comes back undefined using oidc-client in JS.

It doesn't give any error either.

    var mgr = new UserManager({
        authority: "http://localhost:5000",
        client_id: "js",
        redirect_uri: "http://localhost:50144/signin-oidc",
        silent_redirect_uri: "http://localhost:50144/signin-oidc",
        response_type: "id_token token",
        post_logout_redirect_uri: "http://localhost:50144/signout-callback-oidc",
    });

    mgr.signinSilentCallback().then(function (user) {
        // **Here user is undefined.**
        axios.defaults.headers.common['Authorization'] = "Bearer " + user.access_token;
    });

In IdentityServer 4, the client is defined as follows.

    new Client
    {
        ClientId = "js",
        ClientName = "js",
        ClientUri = "http://localhost:50144",

        AllowedGrantTypes = GrantTypes.Implicit,
        AllowAccessTokensViaBrowser = true,
        RequireClientSecret = false,
        AccessTokenType = AccessTokenType.Jwt,

        RedirectUris =
        {
            "http://localhost:50144/signin-oidc",
        },

        PostLogoutRedirectUris = { "http://localhost:50144/signout-callback-oidc" },
        AllowedCorsOrigins = { "http://localhost:50144" },

        AllowedScopes =
        {
            IdentityServerConstants.StandardScopes.OpenId,
            IdentityServerConstants.StandardScopes.Profile,
            IdentityServerConstants.StandardScopes.Email
        }
    }

Recommended answer

signinSilentCallback: Returns promise to notify the parent window of response from the authorization endpoint. https://github.com/IdentityModel/oidc-client-js/wiki

signinSilentCallback - This is not something that will return you the user object.

If you really need to get the user object on silent renew, I would suggest using this approach with the following code snippet. This works for me in Salesforce apps as well.

    this.userManager.events.addAccessTokenExpiring(() =>
    {
        this.userManager.signinSilent({scope: oidcSettings.scope, response_type: oidcSettings.response_type})
            .then((user: CoreApi.Authentication.Interfaces.OidcClientUser) =>
            {
                this.handleUser(user); // This function just sets the current user
            })
            .catch((error: Error) =>
            {
                this.userManager.getUser()
                    .then((user: CoreApi.Authentication.Interfaces.OidcClientUser) =>
                    {
                        this.handleUser(user);
                    });
            });
    });

We need to handle getUser in the catch as well, due to a bug reported for iframes in oidc-client js.

In the above code, focus on the way the silent renew is performed when the token expires.
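The split the answer describes, written out as an added example (not code from the original post or from the oidc-client project): the parent window gets the user from signinSilent(), the iframe page only calls signinSilentCallback(), and the bearer header is cleared when no usable user comes back. The function names are hypothetical; `mgr` is assumed to be a configured oidc-client UserManager and `headers` an object such as axios.defaults.headers.common.

```javascript
// Added example. Hypothetical helper names; `mgr` is an oidc-client
// UserManager and `headers` is e.g. axios.defaults.headers.common.

// Set or clear the bearer header. A missing or expired user clears it, so the
// app never sends "Bearer undefined" or keeps presenting a stale token.
function applyUser(headers, user) {
  if (user && user.access_token && !user.expired) {
    headers['Authorization'] = 'Bearer ' + user.access_token;
    return true;
  }
  delete headers['Authorization'];
  return false;
}

// Parent window: signinSilent() is the call that resolves with the user.
function renewInParent(mgr, headers) {
  return mgr.signinSilent()
    .catch(function () { return mgr.getUser(); })   // fallback used in the answer
    .then(function (user) { return applyUser(headers, user); })
    .catch(function () { return applyUser(headers, null); });
}

// Parent window: renew when oidc-client signals the access token is expiring.
function attachSilentRenew(mgr, headers) {
  mgr.events.addAccessTokenExpiring(function () {
    renewInParent(mgr, headers);
  });
}

// Page served at silent_redirect_uri, loaded inside the hidden iframe: it only
// passes the authorization response to the parent and yields no user object.
function silentCallbackPage(mgr) {
  return mgr.signinSilentCallback().then(function () { return undefined; });
}
```
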
