IdentityServer4: watch out for the invalid_scope pitfall
The invalid_scope error in the password grant and the client credentials grant. When a token request carries no scope parameter (as in the log below), IdentityServer4 falls back to the client's AllowedScopes, and every scope in that list must match a registered identity resource or API scope; otherwise the request is rejected with invalid_scope.
Server log
IdentityServer4.Validation.TokenRequestValidator[0]
No scopes found in request, {
    "ClientId": "pwdClient",
    "GrantType": "password",
    "Raw": {
        "client_id": "pwdClient",
        "client_secret": "REDACTED",
        "grant_type": "password",
        "password": "REDACTED",
        "username": "jcb"
    }
}
Password grant (ResourceOwnerPassword)
Add to Config.cs:
public static IEnumerable<IdentityResource> GetIdentityResourceResources()
{
    return new List<IdentityResource>
    {
        new IdentityResources.OpenId(), // omitting this caused the scope error
        new IdentityResources.Profile()
    };
}

public static IEnumerable<Client> GetClients()
{
    return new List<Client>
    {
        new Client
        {
            ClientId = "pwdClient",
            AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
            ClientSecrets =
            {
                new Secret("secret".Sha256())
            },
            // openid and profile must be added here as well
            AllowedScopes =
            {
                "api",
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Profile
            }
        }
    };
}
Startup.cs:
public void ConfigureServices(IServiceCollection services)
{
    services.AddIdentityServer()
        .AddDeveloperSigningCredential()
        .AddInMemoryApiResources(Config.GetResource())
        .AddInMemoryClients(Config.GetClients())
        .AddTestUsers(Config.GetTestUsers())
        .AddInMemoryIdentityResources(Config.GetIdentityResourceResources()); // register the method added above
}
Client credentials grant (ClientCredentials)
If the same error appears with the client credentials grant, add the following to Config.cs:
public static IEnumerable<ApiScope> ApiScopes =>
    new ApiScope[]
    {
        new ApiScope("api")
    };

public static IEnumerable<ApiResource> GetResource()
{
    return new List<ApiResource>
    {
        new ApiResource("api", "my api")
        {
            Scopes = { "api" } // important: without this, invalid_scope is returned
        }
    };
}
Startup.cs
services.AddIdentityServer()
    .AddDeveloperSigningCredential()
    .AddInMemoryApiResources(Config.GetResource())
    .AddInMemoryClients(Config.GetClients())
    .AddTestUsers(Config.GetTestUsers())
    .AddInMemoryIdentityResources(Config.GetIdentityResourceResources())
    .AddInMemoryApiScopes(Config.ApiScopes); // added
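Both sections above come down to the same mismatch: a client's AllowedScopes naming a scope that is not registered as an IdentityResource or ApiScope. The following startup-time check is an added example, not code from the original post; it assumes the Config class shown above (GetClients, GetIdentityResourceResources, ApiScopes) and IdentityServer4 v4 model types, and the class name ScopeConfigCheck is mine.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using IdentityServer4;
using IdentityServer4.Models;

// Added example, not from the original post; assumes the Config class above
// and IdentityServer4 v4 model types.
public static class ScopeConfigCheck
{
    // One message per client scope that is neither a registered
    // IdentityResource nor an ApiScope (the cause of invalid_scope above).
    public static IReadOnlyList<string> FindUnregisteredScopes(
        IEnumerable<Client> clients,
        IEnumerable<IdentityResource> identityResources,
        IEnumerable<ApiScope> apiScopes)
    {
        // Scope names the server knows: "openid", "profile", ... and "api".
        var registered = new HashSet<string>(
            identityResources.Select(r => r.Name).Concat(apiScopes.Select(s => s.Name)),
            StringComparer.Ordinal);

        var problems = new List<string>();
        foreach (var client in clients)
        {
            foreach (var scope in client.AllowedScopes)
            {
                // offline_access is built in and gated by Client.AllowOfflineAccess,
                // not by a scope definition.
                if (scope == IdentityServerConstants.StandardScopes.OfflineAccess
                    && client.AllowOfflineAccess)
                    continue;
                if (!registered.Contains(scope))
                    problems.Add($"client '{client.ClientId}' allows scope '{scope}', " +
                                 "but no IdentityResource or ApiScope with that name is registered");
            }
        }
        return problems;
    }

    // Call from Startup.ConfigureServices before AddIdentityServer so the
    // misconfiguration fails at startup rather than as invalid_scope at runtime.
    public static void EnsureValid()
    {
        var problems = FindUnregisteredScopes(
            Config.GetClients(), Config.GetIdentityResourceResources(), Config.ApiScopes);
        if (problems.Count > 0)
            throw new InvalidOperationException(string.Join(Environment.NewLine, problems));
    }
}
```

With the Config shown above the check returns an empty list; remove IdentityResources.OpenId() from GetIdentityResourceResources and it reports that pwdClient allows "openid" without a matching registration.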