.net core Client doesn't authenticate with IdentityServer v3 - Offset in Audience

丶灬走出姿态 提交于 2020-01-24 09:42:09

问题


Given:

IdentityServer v3 JavaSCript Client Asp Core Api Client

The JavaScript client authenticates with the identityserver and makes a request with a bearer token to the api

the api is configured to use ressource owner workflow

Problem: Now I get:

Audiences: 'http://localhost/identity/resources'. Did not match: validationParameters.ValidAudience: 'MyApi' or validationParameters.ValidAudiences: 'null'

Obiviously Audiance doesn't match. what am I missing?

Config

ApiClient in Identity server:

 return new Client
            {
                Enabled = true,
                ClientId = "MyApi",
                ClientName = "The client for the Groupl Api",
                ClientSecrets = new List<Secret>
                {
                    new Secret("foo".Sha256())
                },
                Flow = Flows.ResourceOwner,
                AllowedScopes = ClientConstants.AllowedGrouplScopes()
            };

In the api to connect to identity server:

 JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();


        var authority = config["identity:authority:url"];
        app.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions
        {
            Authority = authority,
            RequireHttpsMetadata = false,
            EnableCaching = false,

            ApiName = "myApi", //Correct that this is the client id?
            ApiSecret = "foo"
        });

Here the request (Access_token omitted)

GET /api/values HTTP/1.1
Host: localhost:59364
Content-Type: application/json
Authorization: Bearer {access_token}

Update

when I set LegacyAudienceValidation = true, everything works fine, but i'm not sure how to handle this correctly?


回答1:


Reason is that authentication behavior changed. IdentityServer 3 didn't support multiple audiences. Identityserver 4 does. So for the old handling LegacyAudienceValidation has to be set to true



来源:https://stackoverflow.com/questions/42670034/net-core-client-doesnt-authenticate-with-identityserver-v3-offset-in-audienc

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!