aurelia - 使用 Aurelia-Auth 从 IdentityServer 获取 JWT 的配置

Question

我无法从 IdentityServer3 获取 JWT。我将 aurelia 与 aurelia-auth 一起使用。

我从 IdentityServer 得到的错误是 “客户端应用程序未知或未经授权。”

想知道我在配置中缺少什么吗？配置如下

//Server Clients
public static class Clients
{
    public static IEnumerable<Client> Get()
    {
        return new List<Client> {
            new Client {
                ClientName = "AureliaApplication",
                Enabled = true,
                ClientId = "aureliaClient",
                AllowAccessToAllScopes = true,
                Flow = Flows.ResourceOwner,
                AccessTokenType = AccessTokenType.Jwt,
                AccessTokenLifetime = 3600
            }
        };
    }
}

//Aurelia-Auth Provider Config
var config = {
    providers: {
        IdentityServerV3: {
            name:'IdentityServerV3',
            url: '/auth/IdentityServerV3',
            authorizationEndpoint: 'https://localhost:44300/core/connect/authorize',
            redirectUri: window.location.origin || window.location.protocol + '//' + window.location.host,
            scope: ['openid'],
            scopePrefix: 'openid',
            scopeDelimiter: '&',
            display: 'popup',
            type: '2.0',
            clientId: 'aureliaClient',
            popupOptions: { width: 1020, height: 618 }
        }
    }
}

export default config;

Answer 1

需要在IdentityServer中配置客户端的作用域

new Client
{
    ClientId = "Aurelia Client",
    ClientName = "aureliaClient",
    ClientSecrets = new List<Secret> {
        new Secret(Constants.IdentitySecret.Sha256())
    },
    Flow = Flows.Hybrid,
    RequireConsent = true,
    AllowRememberConsent = true,
    RedirectUris = new List<string> {
        "http://localhost:9000"
    },
    PostLogoutRedirectUris = new List<string> {
        "http://localhost:9000"
    },
    AllowedScopes = new List<string> {
        Constants.StandardScopes.OpenId,
        Constants.StandardScopes.Profile,
        Constants.StandardScopes.Roles,
        "apiAccess"
    }
}

Aurelia 配置必须更正不同 IdentityServer 端点的 url。这些端点通常可以在服务器的 openid-configuration 中找到(在本例中为:https://localhost:44301/core/.well-known/openid-configuration)。 与 IdentityServer 中客户端配置中定义的范围相同

var config = {
    baseUrl : 'https://localhost:44301/core',
    tokenName : 'id_token',
    profileUrl: '/connect/userinfo',
    unlinkUrl : '/connect/endsession',
    logoutRedirect: '/',
    loginRedirect : '#/',

    providers : {
        identSrv : {
            name: 'identSrv',
            url: '/connect/token',
            authorizationEndpoint: 'https://localhost:44301/core/connect/authorize/',
            redirectUri: window.location.origin || window.location.protocol + '//' + window.location.host,
            scope: ['profile', 'apiAccess','openid', 'roles'],
            responseType :'code id_token token',
            scopePrefix: '',
            scopeDelimiter: ' ',
            requiredUrlParams: ['scope', 'nonce'],
            optionalUrlParams: ['display'],
            state: 'session_state',
            display: 'popup',
            type: '2.0',
            clientId: 'jsClient',
            flow: 'hybrid',
            nonce : function(){
            var val = ((Date.now() + Math.random()) * Math.random()).toString().replace(".", "");
                return encodeURIComponent(val);
            },
            popupOptions: { width: 452, height: 633 }
    }
}

Scott 实际上找到了解决方案(我只是用它来回答)你可以在他的 github 上找到一个例子 https://github.com/devscott/identityServer3Example