Identity Server 4静默续订错误响应:login_required [英] Identity Server 4 Silent Renew ErrorResponse: login_required
问题描述
我已经从 redux-oidc-example 克隆了仓库,并且适用于大多数情况下,但几个小时后,出现以下错误:
I have cloned the repo from the redux-oidc-example and it works for the most part but after a few hours it gives the following error:
动作有效载荷:错误响应:login_required
在新的e(oidc-client.min.js:1)
在t时[作为_processSigninParams](oidc-client.min.js:1)
在t时[作为validateSigninResponse](oidc-client.min.js:1)
在oidc-client.min.js:1
Action payload: ErrorResponse: login_required
at new e (oidc-client.min.js:1)
at t [as _processSigninParams] (oidc-client.min.js:1)
at t [as validateSigninResponse] (oidc-client.min.js:1)
at oidc-client.min.js:1
UserManager.js看起来像这样:
UserManager.js looks like this:
const userManagerConfig = {
client_id: 'js.dev',
client_secret: 'secret',
redirect_uri: `${window.location.protocol}//${window.location.hostname}${window.location.port ? `:${window.location.port}` : ''}/callback`,
response_type: 'id_token token',
scope: 'openid email profile role offline_access',
authority: 'http://localhost:8080',
silent_redirect_uri: `${window.location.protocol}//${window.location.hostname}${window.location.port ? `:${window.location.port}` : ''}/silent_renew.html`,
automaticSilentRenew: true,
filterProtocolClaims: true,
loadUserInfo: true
};
和我的身份服务器配置:
and my identity server config:
{
"Enabled": true,
"ClientId": "js.dev",
"ClientName": "Javascript Client",
"ClientSecrets": [ { "Value": "K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=" } ],
"AllowedGrantTypes": [ "implicit", "authorization_code" ],
"AllowedScopes": [ "openid", "email", "profile", "role", "offline_access" ],
"AllowOfflineAccess": true,
"AllowAccessTokensViaBrowser":true,
"RedirectUris": [
"http://localhost:8081/callback",
"http://localhost:8081/silent_renew.html"
],
"PostLogoutRedirectUris": [
"http://localhost:8081"
],
"AccessTokenLifetime": 900,
"RequireConsent": false
}
我注意到,在发生错误之前,最后一个有效响应具有一个cookie响应(idsrv.session),其值为空,并且将到期日期设置为上一年:
I noticed that prior to error last valid response had one cookie response(idsrv.session) with empty value with the expiry date set to the previous year:
我认为这是问题的根本原因,我在相关的Github存储库中对其进行了搜索,然后尝试将Cookie.SameSite添加为无,但无济于事:
I believe this to be the root cause of the issue, I searched it on related Github repo and tried to add the Cookie.SameSite to none but it didn't help:
services.AddAuthentication()
.AddSaml(Configuration,externalProviders.UseSaml)
.AddCookie(options => {
options.SlidingExpiration = true;
options.ExpireTimeSpan = TimeSpan.FromDays(30);
options.Cookie.SameSite = SameSiteMode.None;
});
任何想法!
推荐答案
搜索 Identity Server 4存储库,我对代码进行了以下更改:
After searching the Identity Server 4 repo, I made the following changes to my code:
services.AddIdentityServer(options=>
{
options.Authentication.CookieLifetime = TimeSpan.FromDays(30);
options.Authentication.CookieSlidingExpiration = true;
})
.AddProfileService<ProfileService>()
.AddSigningCertificate(Configuration)
.AddInMemoryClients(Configuration.GetSection("IdentityServer:Clients"))
.AddInMemoryIdentityResources(Resources.GetIdentityResources());
此操作随后开始工作,但是关闭浏览器或重新打开新标签后,您必须重新登录,我猜这是由于
It started working afterward, but you would have to login again after you close the browser or reopen a new tab I guess it's because of the sessionStorage.
这篇关于Identity Server 4静默续订错误响应:login_required的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!