我在我的 Asp.net 核心 API 应用程序中使用身份服务器 4,我在 上获得了成功的 token 本地 服务器
https://localhost:[port]/connect/token
它提供访问 token ,当我使用不记名 token 访问授权方法时,它 工作正常 但是 在服务器上
https://example.com/connect/token它也提供成功的 token ,但是当我使用此 token 访问授权方法时,它会提供 401 未授权错误
"Authority": "https://example.com",
"Audience": "https://example.com/resources",
"RequireHttpsMetadata": "true"
services.AddIdentityServer(options =>
{
options.Events.RaiseErrorEvents = true;
options.Events.RaiseInformationEvents = true;
options.Events.RaiseFailureEvents = true;
options.Events.RaiseSuccessEvents = true;
})
.AddDeveloperSigningCredential()
.AddInMemoryPersistedGrants()
.AddInMemoryIdentityResources(GetIdentityResources())
.AddInMemoryApiResources(GetApiResources())
.AddInMemoryClients(GetClients())
.AddAspNetIdentity<User>();
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
options.Authority = configuration["AppSettings:Authority"];
options.Audience = configuration["AppSettings:Audience"];
options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AppSettings:RequireHttpsMetadata"]);
});
services.AddTransient<IProfileService, IdentityClaimsProfileService>();
public static IEnumerable<IdentityResource> GetIdentityResources()
{
return new List<IdentityResource>
{
new IdentityResources.OpenId(),
new IdentityResources.Email(),
new IdentityResources.Profile(),
};
}
public static IEnumerable<ApiResource> GetApiResources()
{
return new List<ApiResource>
{
new ApiResource("api1", "My API")
};
}
public static IEnumerable<Client> GetClients()
{
// client credentials client
return new List<Client>
{
// resource owner password grant client
new Client
{
ClientId = "ro.angular",
AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
ClientSecrets =
{
new Secret("secret".Sha256())
},
AllowedScopes = {
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email,
IdentityServerConstants.StandardScopes.Address,
"api1"
},
AllowOfflineAccess = true,
RefreshTokenUsage = TokenUsage.ReUse,
RefreshTokenExpiration = TokenExpiration.Sliding
}
};
}
最佳答案
这可能是因为范围变量。
您必须按照以下步骤检查范围
关于asp.net-core-webapi - 使用身份服务器 4 和 Asp.net Core API 获得 401 未经授权的有效访问 token ,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/59007998/