我收到错误’客户端应用程序未知或未经授权.访问我的网站的受保护区域时.
这是我的客户:
public static class Clients { public static IEnumerable<Client> Get() { return new[] { new Client { Enabled = true,ClientName = "Web Application",ClientId = "webapplication",Flow = Flows.AuthorizationCode,ClientSecrets = new List<Secret> { new Secret("webappsecret".Sha256()) },RedirectUris = new List<string> { UrlManager.WebApplication },PostlogoutRedirectUris = new List<string> { UrlManager.WebApplication },AllowedScopes = new List<string> { Constants.StandardScopes.OpenId,Constants.StandardScopes.Profile,Constants.StandardScopes.Email,Constants.StandardScopes.Roles,Constants.StandardScopes.OfflineAccess,"read","write" } } }; } }
这是我的Web应用程序启动:
public class Startup { public void Configuration(IAppBuilder app) { app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = "Cookies" }); app.USEOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions { Authority = UrlManager.AuthenticationService + "identity",Scope = "openid profile",ResponseType = "code id_token",RedirectUri = UrlManager.WebApplication,SignInAsAuthenticationType = "Cookies" }); } }
这是我的身份验证服务(安装了IDS3)启动:
public class Startup { public void Configuration(IAppBuilder app) { app.Map("/identity",idsrvApp => { idsrvApp.UseIdentityServer(new IdentityServerOptions { SiteName = "Authentication Service - Embedded IdentityServer",SigningCertificate = Certificate.LoadCertificate(),Factory = new IdentityServerServiceFactory() .UseInMemoryUsers(Users.Get()) .UseInMemoryClients(Clients.Get()) .UseInMemoryScopes(Scopes.Get()) }); }); } }
这是UrlManager:
public static class UrlManager { public static string WebApplication { get { return "https://localhost:44381/"; } } public static string AuthenticationService { get { return "https://localhost:44329/"; } } }
这是我的家庭控制器:
public class HomeController : Controller { public ActionResult Index() { return View(); } [Authorize] public ActionResult Private() { return View((User as ClaimsPrincipal).Claims); } }
当我访问Private时,我得到一个Identity Server 3屏幕,它给出了错误消息“客户端应用程序未知或未经授权.”.
我已经读过这可能来自重定向URI中的错误匹配,但据我所知,我的是正确的.我不知道还有什么可以导致它.如果我将流程更改为隐式但我想实现AuthorizationCode流程,则应用程序可以正常运行.
文档似乎也没有说明这一点.
解决方法
客户端已配置为授权代码流
Flow = Flows.AuthorizationCode
但是启动时的响应类型设置为混合流.
ResponseType = “code id_token”
尝试将此更改为
ResponseType = “code” (or Change the Flow type to Hybrid)