Identity Server 4静默续订错误响应:login_required [英] Identity Server 4 Silent Renew ErrorResponse: login_required

问题描述

我已经从 redux-oidc-example 克隆了仓库，并且适用于大多数情况下，但几个小时后，出现以下错误:

I have cloned the repo from the redux-oidc-example and it works for the most part but after a few hours it gives the following error:

动作有效载荷:错误响应:login_required
在新的e(oidc-client.min.js:1)
在t时[作为_processSigninParams](oidc-client.min.js:1)
在t时[作为validateSigninResponse](oidc-client.min.js:1)
在oidc-client.min.js:1

Action payload: ErrorResponse: login_required
at new e (oidc-client.min.js:1)
at t [as _processSigninParams] (oidc-client.min.js:1)
at t [as validateSigninResponse] (oidc-client.min.js:1)
at oidc-client.min.js:1

UserManager.js看起来像这样:

UserManager.js looks like this:

const userManagerConfig = {
  client_id: 'js.dev',
  client_secret: 'secret',
  redirect_uri: `${window.location.protocol}//${window.location.hostname}${window.location.port ? `:${window.location.port}` : ''}/callback`,
  response_type: 'id_token token',
  scope: 'openid email profile role offline_access',
  authority: 'http://localhost:8080',
  silent_redirect_uri: `${window.location.protocol}//${window.location.hostname}${window.location.port ? `:${window.location.port}` : ''}/silent_renew.html`,
  automaticSilentRenew: true,
  filterProtocolClaims: true,
  loadUserInfo: true
};

和我的身份服务器配置:

and my identity server config:

{
        "Enabled": true,
        "ClientId": "js.dev",
        "ClientName": "Javascript Client",
        "ClientSecrets": [ { "Value": "K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=" } ],
        "AllowedGrantTypes": [ "implicit", "authorization_code" ],
        "AllowedScopes": [ "openid", "email", "profile", "role", "offline_access" ],
        "AllowOfflineAccess": true,
        "AllowAccessTokensViaBrowser":true,
        "RedirectUris": [
          "http://localhost:8081/callback",
          "http://localhost:8081/silent_renew.html"
        ],
        "PostLogoutRedirectUris": [
          "http://localhost:8081"
        ],
        "AccessTokenLifetime": 900,
        "RequireConsent": false
      }

我注意到，在发生错误之前，最后一个有效响应具有一个cookie响应(idsrv.session)，其值为空，并且将到期日期设置为上一年:

I noticed that prior to error last valid response had one cookie response(idsrv.session) with empty value with the expiry date set to the previous year:

我认为这是问题的根本原因，我在相关的Github存储库中对其进行了搜索，然后尝试将Cookie.SameSite添加为无，但无济于事:

I believe this to be the root cause of the issue, I searched it on related Github repo and tried to add the Cookie.SameSite to none but it didn't help:

services.AddAuthentication()
                .AddSaml(Configuration,externalProviders.UseSaml)
                .AddCookie(options => {
                    options.SlidingExpiration = true;
                    options.ExpireTimeSpan = TimeSpan.FromDays(30);
                    options.Cookie.SameSite = SameSiteMode.None;
                });

任何想法！

推荐答案

搜索 Identity Server 4存储库，我对代码进行了以下更改:

After searching the Identity Server 4 repo, I made the following changes to my code:

services.AddIdentityServer(options=>
                {
                    options.Authentication.CookieLifetime = TimeSpan.FromDays(30);
                    options.Authentication.CookieSlidingExpiration = true;
                })
                .AddProfileService<ProfileService>()
                .AddSigningCertificate(Configuration)
                .AddInMemoryClients(Configuration.GetSection("IdentityServer:Clients"))
                .AddInMemoryIdentityResources(Resources.GetIdentityResources());

此操作随后开始工作，但是关闭浏览器或重新打开新标签后，您必须重新登录，我猜这是由于

It started working afterward, but you would have to login again after you close the browser or reopen a new tab I guess it's because of the sessionStorage.

这篇关于Identity Server 4静默续订错误响应:login_required的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！