1
我在IdentityServer4中请求新刷新令牌时遇到了一些问题。有时在进行身份验证之后,我得到了来自我的Api的未经授权的响应,好吧,但是当我尝试请求新的刷新令牌时,我从服务器获取invalid_grant。我确定我设置了offline_access,但仍然有问题。这里是我的代码:IdentityServer4刷新令牌无效授予
我在服务器Config.cs
new Client
{
ClientId = "myclientId",
ClientName = "MyClient",
AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
RequireConsent = false,
ClientSecrets =
{
new Secret("mySecret".Sha256())
},
RedirectUris = { "http://localhost:5002/signin-oidc" },
PostLogoutRedirectUris = { "http://localhost:5002/signout-callback-oidc" },
AllowOfflineAccess = true,
UpdateAccessTokenClaimsOnRefresh = true,
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.OfflineAccess,
...
}
}
我Startup.cs从MVCclient
客户app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationScheme = "Cookies",
AccessDeniedPath = "/Home/Error403"
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
AuthenticationScheme = "oidc",
SignInScheme = "Cookies",
Authority = Configuration["Identity.Url"],
RequireHttpsMetadata = false,
ClientId = Configuration["ClientId"],
ClientSecret = Configuration["ClientSecret"],
ResponseType = "code id_token",
Scope = { "openid profile offline_access" },
GetClaimsFromUserInfoEndpoint = true,
SaveTokens = true,
});
在这里我得到invalid_grant
var disco = await DiscoveryClient.GetAsync(Configuration["Identity.Url"]);
if (disco.IsError) throw new Exception(disco.Error);
var tokenClient = new TokenClient(disco.TokenEndpoint, Configuration["ClientId"],
Configuration["ClientSecret"]);
var rt = await HttpContext.Authentication.GetTokenAsync("refresh_token");
var tokenResult = await tokenClient.RequestRefreshTokenAsync(rt);
tokenResult收到invalid_grant。我错过了什么吗?
我感谢您的帮助,但仍然得到invalid_grant音符报价.. –
一切看起来不错,我...查看日志在auth服务器上。这已经为我解决了很多问题。尝试运行您的auth服务器作为控制台应用程序而不是IIS Express如果您正在使用visual studio ...希望它有帮助! – JayDeeEss
当我的访问/刷新标记有效时,RequestRefreshTokenAsync()可以正常工作。但是当它过期时,我会收到invalid_grant。是这样吗?如果是这样,那么我必须在到期前续约,对吧? –