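I am using IdentityServer4 as the authentication service for a mobile application, via the "Authorization Code Grant with PKCE". Login succeeds, but no redirect happens: it stays on /connect/authorize/callback, after a while I get a 502 Bad Gateway error, and the last message in the console log is "Creating Authorization Code Flow response."
Code: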
new Client
{
    ClientId = "app",
    ClientName = "App",
    AllowedGrantTypes = GrantTypes.Code,
    RequireClientSecret = false,
    RequirePkce = false,
    RequireConsent = false,
    RedirectUris = { "net.websites.example-site://oauth2redirect" },
    // scopes that can be used by this client
    AllowedScopes =
    {
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile,
        IdentityServerConstants.StandardScopes.Email,
        "api"
    },
    AccessTokenLifetime = 7200,
    IdentityTokenLifetime = 7200,
}
Logs:
[16:50:55 INF] Request starting HTTP/1.1 GET http://localhost:5000/connect/authorize/callback?nonce=ckf7_szTJaEwCT6TbQXCPuUmqt7L71hyrttk7t91fys&response_type=code&code_challenge_method=S256&scope=openid%20profile%20email%20api&code_challenge=G7W07PUgQozuiLN92tJFY5bKrMryBlXoR00qY1lHac4&redirect_uri=net.websites.example-site%3A%2F%2Foauth2redirect&client_id=app&state=OfdtNuzqL60F0vvkys-s_k_kch9wGiifB8i-IzHxRw0
[16:50:55 INF] No cached response available for this request.
[16:50:55 INF] AuthenticationScheme: Identity.Application was successfully authenticated.
[16:50:55 INF] AuthenticationScheme: Identity.Application was successfully authenticated.
[16:50:55 INF] AuthenticationScheme: Identity.Application was successfully authenticated.
[16:50:55 DBG] Request path /connect/authorize/callback matched to endpoint type Authorize
[16:50:55 DBG] Endpoint enabled: Authorize, successfully created handler: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint
[16:50:55 INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint for /connect/authorize/callback
[16:50:55 DBG] Start authorize callback request
[16:50:55 DBG] User in authorize request: 87882d3f-3802-4db4-be2a-e85bb97f05c1
[16:50:55 DBG] Start authorize request protocol validation
[16:50:55 DBG] Checking for PKCE parameters
[16:50:55 INF] ValidatedAuthorizeRequest
{
"ClientId": "app",
"ClientName": "App",
"RedirectUri": "net.websites.example-site://oauth2redirect",
"AllowedRedirectUris": [
"net.websites.example-site://oauth2redirect"
],
"SubjectId": "87882d3f-3802-4db4-be2a-e85bb97f05c1",
"ResponseType": "code",
"ResponseMode": "query",
"GrantType": "authorization_code",
"RequestedScopes": "openid profile email api",
"State": "OfdtNuzqL60F0vvkys-s_k_kch9wGiifB8i-IzHxRw0",
"Nonce": "ckf7_szTJaEwCT6TbQXCPuUmqt7L71hyrttk7t91fys",
"SessionId": "bcd41f50110a7bd67eac99168d969ad4",
"Raw": {
"nonce": "ckf7_szTJaEwCT6TbQXCPuUmqt7L71hyrttk7t91fys",
"response_type": "code",
"code_challenge_method": "S256",
"scope": "openid profile email api",
"code_challenge": "G7W07PUgQozuiLN92tJFY5bKrMryBlXoR00qY1lHac4",
"redirect_uri": "net.websites.example-site://oauth2redirect",
"client_id": "app",
"state": "OfdtNuzqL60F0vvkys-s_k_kch9wGiifB8i-IzHxRw0"
}
}
[16:50:55 DBG] Client is configured to not require consent, no consent is required
[16:50:55 DBG] Creating Authorization Code Flow response.