我有一个客户端集成,我希望在服务器和我们的服务器之间进行机器对机器授权。我假设我可以使用authorization_code流,但它似乎需要用户cookie存在,否则它总是重定向到登录页面。
是否有一种使用IdentityServer4的方法可以让服务器向我请求一些用户信息,例如加密的用户标识符,我可以用它返回授权码?我已经能够通过自己的AuthorizeInteractionResponseGenerator实现其中的一些功能。我重写了ProcessLoginAsync()方法,并引入了一种新的提示类型,比如abc,所以当提供的提示类型是abc时,我从原始请求中获取用户的标识符,并记录该用户生成ClaimsPrincipal,直到最后我得到错误:
InvalidOperationException:用户当前未通过身份验证
呈现的堆栈跟踪如下:
System.InvalidOperationException: User is not currently authenticated
at IdentityServer4.Services.DefaultUserSession.<SetClientListPropertyValueAsync>d__26.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at IdentityServer4.Services.DefaultUserSession.<SetClientsAsync>d__25.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at IdentityServer4.Services.DefaultUserSession.<AddClientIdAsync>d__22.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at IdentityServer4.Endpoints.Results.AuthorizeResult.<ProcessResponseAsync>d__12.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at IdentityServer4.Endpoints.Results.AuthorizeResult.<ExecuteAsync>d__10.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at IdentityServer4.Hosting.IdentityServerMiddleware.<Invoke>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at IdentityServer4.Hosting.IdentityServerMiddleware.<Invoke>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.<Invoke>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Cors.Infrastructure.CorsMiddleware.<Invoke>d__8.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at IdentityServer4.Hosting.BaseUrlMiddleware.<Invoke>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware.<Invoke>d__7.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
at Rp.Middleware.IdHashing.IdHashingMiddleware.<Invoke>d__7.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.<Invoke>d__7.MoveNext()
因为有一个要求,所以必须这样做,对此没有争议,但我希望你能帮助我解决上述错误?此外,我是否做了太多的返工,而我可以通过其他方式利用IdentityServer4来实现这一点?
期待您的回复。谢谢
更新:
因此,为了给每个人更多的上下文,我不想做一个单一签名。我正在做的是,我正在为一个不希望用户知道该应用程序不是来自他们的客户构建一个应用程序。因此,用户登录到客户端网站,但在其中一个页面上,会加载出Angular应用程序。现在这个应用程序不依赖于客户端,它在我们的数据库中有它所需要的一切,它从客户端所需要的只是一些东西传递给我们,这样我们就可以在我们的应用程序上登录客户端用户,但无需任何同意或任何东西,让人觉得我们的应用实际上是客户端应用程序的一部分。我们也不能完全依赖客户端身份验证,因为我有多个客户端,每个人的身份验证方式都不同。
机器对机器通信首选的流称为client credentials。话虽如此,在机器对机器的通信场景中似乎需要有用户上下文,这样在技术上也可以使用resource owner credentials流。为此,您需要在身份服务器4端实现IResourceOwnerPasswordValidator。
在开始任何这些实现之前,请确保您了解使用resource owner credentials流的安全问题,因为它通常不受欢迎,也不推荐使用。此外,您似乎正在寻找出现在机器对机器通信场景中的用户上下文,因此这在设计中似乎已经是一个危险信号。
如果您需要更多信息,可以参考身份服务器4的优秀快速启动示例,在那里您可以检查如何实现上述两个流。
Identity Server 4示例