我正在以以下方式创建一个设置了 JWK 密钥的客户端
// Client-credentials client that authenticates with private_key_jwt: the registered
// secret is the client's PUBLIC signing key (JWK) used to verify the client_assertion.
new Client
{
    // NOTE(review): with private_key_jwt the client is looked up from the assertion's
    // iss/sub claims (as far as I know); the assertion posted below carries a whole nested
    // JWT in iss/sub instead of this ClientId, which fits the "client identifier not found"
    // log line — confirm the assertion is built with iss = sub = ClientId.
    ClientId = "infernoSystemClient",
    ClientName = "Client Credentials Client",
    AllowedGrantTypes = GrantTypes.ClientCredentials,
    AllowedScopes = { "system/*.read" },
    // NOTE(review): RequireRequestObject governs authorize-endpoint request objects; it has
    // no effect on the client_credentials token call — confirm it is intended here.
    RequireRequestObject = true,
    ClientSecrets =
    {
        new Secret
        {
            Type = IdentityServerConstants.SecretTypes.JsonWebKey,
            // Public RSA key only (n/e, use=sig, key_ops=[verify]); no private material.
            // The assertion's JOSE header must name this key: the posted client_assertion
            // header decodes to alg=ES384, kid=4b49a739d1eb115b3225f4cf9beb6d1b, which does
            // not match this RS384 key with kid b41528b6f37a9500edb8a905a595bdd7.
            // NOTE(review): the JWK text uses single quotes, which is not strict JSON;
            // Newtonsoft-based parsers accept it, System.Text.Json does not — confirm which
            // parser the installed IdentityServer version uses.
            Value = "{'kty': 'RSA','alg': 'RS384','n': 'vjbIzTqiY8K8zApeNng5ekNNIxJfXAue9BjoMrZ9Qy9m7yIA-tf6muEupEXWhq70tC7vIGLqJJ4O8m7yiH8H2qklX2mCAMg3xG3nbykY2X7JXtW9P8VIdG0sAMt5aZQnUGCgSS3n0qaooGn2LUlTGIR88Qi-4Nrao9_3Ki3UCiICeCiAE224jGCg0OlQU6qj2gEB3o-DWJFlG_dz1y-Mxo5ivaeM0vWuodjDrp-aiabJcSF_dx26sdC9dZdBKXFDq0t19I9S9AyGpGDJwzGRtWHY6LsskNHLvo8Zb5AsJ9eRZKpnh30SYBZI9WHtzU85M9WQqdScR69Vyp-6Uhfbvw','e': 'AQAB','use': 'sig','key_ops': ['verify'],'ext': true,'kid': 'b41528b6f37a9500edb8a905a595bdd7'}"
        }
    }
}
并以以下方式调用同一客户端。
我的客户端应用程序正在使用以下参数调用 /connect/token 端点：
client_assertion=eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzM4NCIsImtpZCI6IjRiNDlhNzM5ZDFlYjExNWIzMjI1ZjRjZjliZWI2ZDFiIn0.eyJpc3MiOiJleUowZVhBaU9pSktWMVFpTENKaGJHY2lPaUpGVXpNNE5DSXNJbXRwWkNJNklqUmlORGxoTnpNNVpERmxZakV4TldJek1qSTFaalJqWmpsaVpXSTJaREZpSW4wLmV5SnBjM01pT2lKcGJtWmxjbTV2VTNsemRHVnRRMnhwWlc1MElpd2ljM1ZpSWpvaWFXNW1aWEp1YjFONWMzUmxiVU5zYVdWdWRDSXNJbUYxWkNJNkltaDBkSEJ6T2k4dmFXRnRMbVYwYUdsNmJ5NWpiMjB2WTI5dWJtVmpkQzkwYjJ0bGJpSXNJbVY0Y0NJNk1UWTJNVEkyTkRZeE15d2lhblJwSWpvaU16Z3dNVFl4TVRObE9UZzFNMlpqTnpVeU9HSTVZV0l4TUdKak9EYzJZelZpWlRNeVpERmtPV0U1TWpsaE5tTmpPRGMxTkdNM09EazFaVGswWkRFNU5DSjkuNWN4TXQ3OW1KaXRuNEZyMm11THNkMVFJQ2lYcjhkTnZXd09IaWdzRmlrWmpQU0pSRl8wam54MTg4Uk9IVDlmN2VnLWFMRkFpd0p3ZVB3T21lZVg0YVdyTGZJTXd6WkYzQ3hmU2JNeXZnSTJ0andGMFN5cFgybU9YbDBQNkh0QUUiLCJzdWIiOiJleUowZVhBaU9pSktWMVFpTENKaGJHY2lPaUpGVXpNNE5DSXNJbXRwWkNJNklqUmlORGxoTnpNNVpERmxZakV4TldJek1qSTFaalJqWmpsaVpXSTJaREZpSW4wLmV5SnBjM01pT2lKcGJtWmxjbTV2VTNsemRHVnRRMnhwWlc1MElpd2ljM1ZpSWpvaWFXNW1aWEp1YjFONWMzUmxiVU5zYVdWdWRDSXNJbUYxWkNJNkltaDBkSEJ6T2k4dmFXRnRMbVYwYUdsNmJ5NWpiMjB2WTI5dWJtVmpkQzkwYjJ0bGJpSXNJbVY0Y0NJNk1UWTJNVEkyTkRZeE15d2lhblJwSWpvaU16Z3dNVFl4TVRObE9UZzFNMlpqTnpVeU9HSTVZV0l4TUdKak9EYzJZelZpWlRNeVpERmtPV0U1TWpsaE5tTmpPRGMxTkdNM09EazFaVGswWkRFNU5DSjkuNWN4TXQ3OW1KaXRuNEZyMm11THNkMVFJQ2lYcjhkTnZXd09IaWdzRmlrWmpQU0pSRl8wam54MTg4Uk9IVDlmN2VnLWFMRkFpd0p3ZVB3T21lZVg0YVdyTGZJTXd6WkYzQ3hmU2JNeXZnSTJ0andGMFN5cFgybU9YbDBQNkh0QUUiLCJhdWQiOiJodHRwczovL2lhbS5ldGhpem8uY29tL2Nvbm5lY3QvdG9rZW4iLCJleHAiOjE2NjEyNjUxNzUsImp0aSI6ImRkYjIyZjQxMDkyYTY0NDlmOWNiYjQ4NzgyY2QxZmI0MGQyZWQ1Nzc4NjdjNTM0ZWVhMjU2NGU3NmZkNWMxMzYifQ.m-nWIEKV1sv6zxX72jaq5L12Owixl-nxFYfOkINGyUPx-qZH2uJYUQC-iKJedpJRUZGyzyqWK1OelYu-Ze1w38gwMss1xGQ50esom6xd8dYyz6-XYhT45F7uDfiySDLx&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&grant_type=client_credentials&scope=system%2F%2A.read
但响应返回的是"无效客户端"。当我查看 Identity Server 端的日志时，上面写着：
令牌终结点的 HTTP 请求无效：找不到客户端标识符。
默认情况下，Identity Server（IDS）支持的客户端身份验证方法为 client_secret_basic 和 client_secret_post。以下是 Identity Server 的 openid 配置片段。
"token_endpoint_auth_methods_supported":["client_secret_basic","client_secret_post","private_key_jwt"]
为了使用 JWT（client_assertion）和 JWK 成功获取访问令牌，您需要在 IDS 中启用 "private_key_jwt" 身份验证方法。您可以通过在 ConfigureServices 中注册密钥解析器（secret parser）和密钥验证器（secret validator）来激活该功能。
/// <summary>
/// Registers what IdentityServer needs to accept <c>private_key_jwt</c> client
/// authentication, i.e. a signed <c>client_assertion</c> in place of a shared secret.
/// </summary>
/// <param name="services">The application's service collection.</param>
public void ConfigureServices(IServiceCollection services)
{
    // PrivateKeyJwtSecretValidator resolves IReplayCache (assertion replay detection,
    // as far as I recall — confirm against the IdentityServer version in use);
    // TryAdd leaves any registration the app already made untouched.
    services.TryAddTransient<IReplayCache, DefaultReplayCache>();

    // The parser extracts the client_assertion from the token request; the validator
    // checks its signature against the client's registered JWK secret.
    // NOTE(review): if AddIdentityServer() is already called elsewhere with options and
    // clients, chain these two calls onto that builder instead of calling it a second time.
    var identityServer = services.AddIdentityServer();
    identityServer.AddSecretParser<JwtBearerClientAssertionSecretParser>();
    identityServer.AddSecretValidator<PrivateKeyJwtSecretValidator>();
}