我一直在試圖讓GetClientAccessToken
流程與最新版本4.1.0(通過nuget)一起工作,在這裏我控制着所有三方:客戶端,授權服務器和資源服務器。GetClientAccessToken將clientIdentifier覆蓋爲null由NetworkCredential
我已經開始創建原型的情況是Windows客戶端應用程序(我的客戶端 - 最終它將是WinRT,但它現在只是一個單獨的MVC 4應用程序,以保持簡單)和一組資源WebAPI項目。我現在將同一個WebAPI項目中的部分授權服務器暴露爲控制器。
每一次(似乎不管客戶端類型,例如UserAgentClient或WebServerClient)我嘗試GetClientAccessToken,在請求到達auth服務器時,沒有clientIdentifier作爲請求的一部分,因此請求失敗搭配:
2012-10-15 13:40:16,333 [41 ] INFO {Channel} Prepared outgoing AccessTokenFailedResponse (2.0) message for <response>:
error: invalid_client
error_description: The client secret was incorrect.
我已經通過源進入DNOA,基本上我是建立在客戶端上的憑據調試越來越裏面ClientBase.RequestAccessToken
殲滅由NetworkCredential.ApplyClientCredential
。如果我修改clientIdentifier到合理的東西,我可以跟蹤通過我的代碼的休息,看到正在做正確的查找/檢查,所以我相當有信心的auth服務器的代碼就可以了。
我的測試客戶端,目前看起來是這樣的:
public class AuthTestController : Controller
{
public static AuthorizationServerDescription AuthenticationServerDescription
{
get
{
return new AuthorizationServerDescription()
{
TokenEndpoint = new Uri("http://api.leave-now.com/OAuth/Token"),
AuthorizationEndpoint = new Uri("http://api.leave-now.com/OAuth/Authorise")
};
}
}
public async Task<ActionResult> Index()
{
var wsclient = new WebServerClient(AuthenticationServerDescription, "KieranBenton.LeaveNow.Metro", "testsecret");
var appclient = new DotNetOpenAuth.OAuth2.UserAgentClient(AuthenticationServerDescription, "KieranBenton.LeaveNow.Metro", "testsecret");
var cat = appclient.GetClientAccessToken(new[] { "https://api.leave-now.com/journeys/" });
// Acting as the Leave Now client we have access to the users credentials anyway
// TODO: CANNOT do this without SSL (turn off the bits in web.config on BOTH sides)
/*var state = client.ExchangeUserCredentialForToken("kieranbenton", "password", new[] { "https://api.leave-now.com/journeys/" });
// Attempt to talk to the APIs WITH the access token
var resourceclient = new OAuthHttpClient(state.AccessToken);
var response = await resourceclient.GetAsync("https://api.leave-now.com/journeys/");
string sresponse = await response.Content.ReadAsStringAsync();*/
// A wrong one
/*var wresourceclient = new OAuthHttpClient("blah blah");
var wresponse = await wresourceclient.GetAsync("https://api.leave-now.com/journeys/");
string wsresponse = await wresponse.Content.ReadAsStringAsync();
// And none
var nresourceclient = new HttpClient();
var nresponse = await nresourceclient.GetAsync("https://api.leave-now.com/journeys/");
string nsresponse = await nresponse.Content.ReadAsStringAsync();*/
return Content("");
}
}
我無法弄清楚如何防止這種情況,或者如果它的設計我在做什麼錯誤。
任何幫助表示讚賞。
感謝安德魯 - 如何奇!你有沒有如何使用PostParameterApplicator的例子?我不確定如何控制客戶行爲的這一部分。 –
從頭開始,我想通了,該怎麼辦呢'appclient.ClientCredentialApplicator = ClientCredentialApplicator.PostParameter( 「testsecret」);'。謝謝安德魯! –
對不起安德魯 - 我再次。你有沒有更多關於如何讓NetworkCredentialApplicator工作的指針?從我試過的所有東西中,不會陷入401並重試。 –