Saya menggunakan Identity Server 4 dan menambahkan lebih banyak titik akhir API untuk digunakan, tetapi sepertinya saya tidak dapat membuatnya berfungsi dengan benar. Ketika saya mengirim panggilan ke API server identitas dengan token akses, pesan kesalahannya adalah
Microsoft.IdentityModel.Tokens.SecurityTokenInvalidAudienceException: IDX10214: Audience validation failed.
Dan klaim nama API tidak ada dalam token akses. Saya menggunakan penyimpanan konfigurasi (configuration store) berbasis DB.
Berikut cara saya mengonfigurasi Identity Server 4.
Startup.cs
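// Bind the "EmailSettings" section of configuration to the EmailSettings options type.
services.Configure<EmailSettings>(Configuration.GetSection("EmailSettings"));

// ASP.NET Identity user store; uses a separate connection string from the IdentityServer stores below.
services.AddDbContext<ApplicationDbContext>(options =>
    options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));

services.AddIdentity<ApplicationUser, IdentityRole>(options =>
{
    // example of setting options
    options.Tokens.ChangePhoneNumberTokenProvider = "Phone";

    // Password policy. NOTE(review): NIST SP 800-63B requires a minimum of 8 characters for
    // user-chosen passwords (and recommends screening against known-compromised passwords);
    // a RequiredLength of 3 is below that and should be raised before this leaves development.
    options.Password.RequiredLength = 3; // personally i'd prefer to see 10+
    options.Password.RequiredUniqueChars = 0;
    options.Password.RequireDigit = false;
    options.Password.RequireLowercase = false;
    options.Password.RequireUppercase = false;
    options.Password.RequireNonAlphanumeric = false;
})
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders();

// Add application services.
services.AddTransient<IEmailSender, EmailSender>();
services.AddMvc();

// Both IdentityServer DbContexts keep their EF migrations in this project's assembly.
var migrationsAssembly = typeof(StartupDevelopment).GetTypeInfo().Assembly.GetName().Name;

// IdentityServer with EF-backed configuration (clients/resources) and operational (grants/tokens) stores.
services.AddIdentityServer(options =>
{
    options.Discovery.CustomEntries.Add("Claims", "/api/claims");
})
// Development-only signing key: generates and reuses a temporary key file on disk. Register it once
// (the original registered it twice, which is redundant). Use AddSigningCredential(...) with a
// managed key for any non-development environment.
.AddDeveloperSigningCredential()
.AddConfigurationStore(options =>
{
    options.ConfigureDbContext = builder =>
        builder.UseSqlServer(Configuration.GetConnectionString("ConfigurationStore"),
            sql => sql.MigrationsAssembly(migrationsAssembly));
})
.AddOperationalStore(options =>
{
    options.ConfigureDbContext = builder =>
        builder.UseSqlServer(Configuration.GetConnectionString("OperationalStore"),
            sql => sql.MigrationsAssembly(migrationsAssembly));

    // this enables automatic token cleanup. this is optional.
    // options.EnableTokenCleanup = true;
    // options.TokenCleanupInterval = 30;
})
.AddAspNetIdentity<ApplicationUser>();

// Local API protection: the "token" scheme validates access tokens issued by this same server,
// with ApiName as the expected audience. NOTE(review): IDX10214 (audience validation failed)
// means the incoming token's "aud" did not contain "claims" -- confirm that an ApiResource
// named "claims" exists in the configuration store; a client's AllowedScopes entry alone
// does not put the API name into "aud".
services.AddAuthentication()
    .AddIdentityServerAuthentication("token", isAuth =>
    {
        isAuth.Authority = IdentityServerConfigurations.Authority;
        isAuth.ApiName = "claims"; // TODO change this name to reflect broader api changes
        isAuth.RequireHttpsMetadata = IdentityServerConfigurations.Ssl;
    });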
Config.cs
new Client
{
// Server-side MVC client: hybrid flow for interactive sign-in plus client-credentials for machine-to-machine calls.
ClientId = "mvc",
ClientName = "MVC Client",
AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
RequireConsent = false,
AccessTokenLifetime = 300, // seconds
UpdateAccessTokenClaimsOnRefresh = true,
// NOTE(review): a literal, well-known client secret. Acceptable for a local sample only; a deployed
// configuration should load the secret from a secret store or environment, not from source.
ClientSecrets =
{
new Secret("secret".Sha256())
},
RedirectUris = { "https://localhost:44383/signin-oidc" },
PostLogoutRedirectUris = { "https://localhost:44383/signout-callback-oidc" },
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Address,
// API scope. NOTE(review): listing it here only allows the client to request the scope; for "claims"
// to appear in the access token's audience, a matching ApiResource must also exist in the
// configuration store -- confirm it is present.
"claims"
},
AllowOfflineAccess = true
}
Di ClaimsController
[Authorize(AuthenticationSchemes = "token")]