这就是我的场景。
身份:https://mydomain.subdomain.com.br/homol/identity
访问端点时https://mydomain.subdomain.com.br/homol/identity/.well-known/openid-configuration这是我的回复
{
"issuer":"http://mydomain.subdomain.com.br/",
"jwks_uri":"http://mydomain.subdomain.com.br/.well-known/openid-configuration/jwks",
"authorization_endpoint":"http://mydomain.subdomain.com.br/connect/authorize",
"token_endpoint":"http://mydomain.subdomain.com.br/connect/token",
"userinfo_endpoint":"http://mydomain.subdomain.com.br/connect/userinfo",
"end_session_endpoint":"http://mydomain.subdomain.com.br/connect/endsession",
"check_session_iframe":"http://mydomain.subdomain.com.br/connect/checksession",
"revocation_endpoint":"http://mydomain.subdomain.com.br/connect/revocation",
"introspection_endpoint":"http://mydomain.subdomain.com.br/connect/introspect",
"device_authorization_endpoint":"http://mydomain.subdomain.com.br/connect/deviceauthorization",
"frontchannel_logout_supported":true,
"frontchannel_logout_session_supported":true,
"backchannel_logout_supported":true,
"backchannel_logout_session_supported":true,
"scopes_supported":[
"openid",
"email",
"profile"
],
"claims_supported":[
"sub",
"email_verified",
"email",
"updated_at",
"locale",
"zoneinfo",
"birthdate",
"website",
"picture",
"profile",
"preferred_username",
"nickname",
"middle_name",
"given_name",
"family_name",
"name",
"gender"
],
"grant_types_supported":[
"authorization_code",
"client_credentials",
"refresh_token",
"implicit",
"password",
"urn:ietf:params:oauth:grant-type:device_code"
],
"response_types_supported":[
"code",
"token",
"id_token",
"id_token token",
"code id_token",
"code token",
"code id_token token"
],
"response_modes_supported":[
"form_post",
"query",
"fragment"
],
"token_endpoint_auth_methods_supported":[
"client_secret_basic",
"client_secret_post"
],
"subject_types_supported":[
"public"
],
"id_token_signing_alg_values_supported":[
"RS256"
],
"code_challenge_methods_supported":[
"plain",
"S256"
],
"request_parameter_supported":true
}
两个问题:
1-为什么子域被删除?
2-当用户访问SPA应用程序,然后oidc客户端将他重定向(使用siginRedirect方法(到Login时,由于子域再次被删除,因此找不到端点。
谢谢。
默认情况下,Identityserver从请求中推断出源名称您可以在此处阅读更多Identityserver选项-http://docs.identityserver.io/en/3.1.0/reference/options.html
您可以将Identity Server配置为使用您的自定义来源
services.AddIdentityServer(options =>
{
options.PublicOrigin ="https://mydomain.subdomain.com.br/homol/identity";
})