考慮:.NET核心客戶不IdentityServer V3認證 - 膠印在觀衆
IdentityServer V3 JavaScript客戶端 天冬氨酸核心API客戶端
JavaScript客戶端與identityserver認證,使一個與承載令牌給API
API被配置爲使用的ressource所有者工作流請求
問題: 現在,我得到:
觀衆: 'http://localhost/identity/resources'。不匹配: validationParameters.ValidAudience: 'MyApi' 或 validationParameters.ValidAudiences: '空'
Obiviously Audiance不匹配。 我錯過了什麼?
配置
ApiClient在身份服務器:
return new Client
{
Enabled = true,
ClientId = "MyApi",
ClientName = "The client for the Groupl Api",
ClientSecrets = new List<Secret>
{
new Secret("foo".Sha256())
},
Flow = Flows.ResourceOwner,
AllowedScopes = ClientConstants.AllowedGrouplScopes()
};
在API連接到標識服務器:
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
var authority = config["identity:authority:url"];
app.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions
{
Authority = authority,
RequireHttpsMetadata = false,
EnableCaching = false,
ApiName = "myApi", //Correct that this is the client id?
ApiSecret = "foo"
});
這裏請求(ACCESS_TOKEN略)
GET /api/values HTTP/1.1
Host: localhost:59364
Content-Type: application/json
Authorization: Bearer {access_token}
更新
當我設置LegacyAudienceValidation = true
,一切工作正常,但我不知道如何正確處理呢?