Oauth2 with Postman and IdentityServer4

2020-07-23 06:11发布

问题:

I'm trying to register authenticate with Postman on my Identity Server 4. It worked with .Net Code 2 but I recently updated to .Net Core 3 and did adaptations. I can open my login page, I can login but then I'm not redirected properly. Is stay on login page and each time I click on Login I I loop on login page.

First here is my postman settings

When I click request token I get this page

So my login and password are correct but I keep looping on this page.

Here is my code:

using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

namespace Oyg.IdentityServer
{
    public class Startup
    {
        public IWebHostEnvironment Environment { get; }

        public Startup(IWebHostEnvironment environment)
        {
            Environment = environment;
        }

        public void ConfigureServices(IServiceCollection services)
        {
            // uncomment, if you want to add an MVC-based UI
            services.AddControllersWithViews();

            var builder = services.AddIdentityServer()
                .AddInMemoryIdentityResources(Config.GetIdentityResources())
                .AddInMemoryApiResources(Config.GetApiResources())
                .AddInMemoryClients(Config.GetClients())
                .AddDeveloperSigningCredential(persistKey: false)
                .AddTestUsers(Config.GetUsers());

            // not recommended for production - you need to store your key material somewhere secure
            builder.AddDeveloperSigningCredential();
        }

        public void Configure(IApplicationBuilder app)
        {
            if (Environment.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            // uncomment if you want to add MVC
            app.UseStaticFiles();
            app.UseRouting();

            app.UseIdentityServer();

            // uncomment, if you want to add MVC
            app.UseAuthorization();
            app.UseEndpoints(endpoints =>
            {
                endpoints.MapDefaultControllerRoute();
            });
        }
    }
}

And I also give you part of my config

public static IEnumerable<Client> GetClients()
        {
            return new List<Client>()
            {
                new Client
                {
                    ClientName = "Postman", //_configuration.GetSection("PostmanClient").GetValue<string>("ClientName"),
                    ClientId = "f26ee5d6-****.local.app", //_configuration.GetSection("PostmanClient").GetValue<string>("ClientId"),
                    AllowedGrantTypes = GrantTypes.Code,
                    AllowOfflineAccess = true,
                    IdentityTokenLifetime = 60 * 60 * 24,
                    AccessTokenLifetime = 60 * 60 * 24,
                    RedirectUris = new List<string>()
                    {
                        "https://www.getpostman.com/oauth2/callback"
                    },
                    PostLogoutRedirectUris = new List<string>()
                    {
                        "https://www.getpostman.com"
                    },
                    AllowedCorsOrigins = new List<string>()
                    {
                        "https://www.getpostman.com"
                    },
                    AllowedScopes =
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        "api",
                        "roles"
                    },
                    ClientSecrets = new List<Secret>
                    {
                        new Secret("123456".Sha256())
                    },
                    AllowAccessTokensViaBrowser = true,
                    RequireConsent = false,
                    EnableLocalLogin = true,
                    Enabled = true
                }
             };

        }

And I can give you this also

{
"issuer": "https://localhost:44367",
"jwks_uri": "https://localhost:44367/.well-known/openid-configuration/jwks",
"authorization_endpoint": "https://localhost:44367/connect/authorize",
"token_endpoint": "https://localhost:44367/connect/token",
"userinfo_endpoint": "https://localhost:44367/connect/userinfo",
"end_session_endpoint": "https://localhost:44367/connect/endsession",
"check_session_iframe": "https://localhost:44367/connect/checksession",
"revocation_endpoint": "https://localhost:44367/connect/revocation",
"introspection_endpoint": "https://localhost:44367/connect/introspect",
"device_authorization_endpoint": "https://localhost:44367/connect/deviceauthorization",
"frontchannel_logout_supported": true,
"frontchannel_logout_session_supported": true,
"backchannel_logout_supported": true,
"backchannel_logout_session_supported": true,
"scopes_supported": [
"openid",
"profile",
"roles",
"oygapi",
"offline_access"
],
"claims_supported": [
"sub",
"name",
"family_name",
"given_name",
"middle_name",
"nickname",
"preferred_username",
"profile",
"picture",
"website",
"gender",
"birthdate",
"zoneinfo",
"locale",
"updated_at",
"role"
],
"grant_types_supported": [
"authorization_code",
"client_credentials",
"refresh_token",
"implicit",
"password",
"urn:ietf:params:oauth:grant-type:device_code"
],
"response_types_supported": [
"code",
"token",
"id_token",
"id_token token",
"code id_token",
"code token",
"code id_token token"
],
"response_modes_supported": [
"form_post",
"query",
"fragment"
],
"token_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"subject_types_supported": [
"public"
],
"code_challenge_methods_supported": [
"plain",
"S256"
],
"request_parameter_supported": true
}

And the logs has requested:

[09:22:07 Information]
Starting host...

[09:22:13 Information] IdentityServer4.Startup
Starting IdentityServer4 version 3.0.1.0

[09:22:13 Information] IdentityServer4.Startup
You are using the in-memory version of the persisted grant store. This will store consent decisions, authorization codes, refresh and reference tokens in memory only. If you are using any of those features in production, you want to switch to a different store implementation.

[09:22:13 Information] IdentityServer4.Startup
Using the default authentication scheme idsrv for IdentityServer

[09:22:13 Debug] IdentityServer4.Startup
Using idsrv as default ASP.NET Core scheme for authentication

[09:22:13 Debug] IdentityServer4.Startup
Using idsrv as default ASP.NET Core scheme for sign-in

[09:22:13 Debug] IdentityServer4.Startup
Using idsrv as default ASP.NET Core scheme for sign-out

[09:22:13 Debug] IdentityServer4.Startup
Using idsrv as default ASP.NET Core scheme for challenge

[09:22:13 Debug] IdentityServer4.Startup
Using idsrv as default ASP.NET Core scheme for forbid

[09:22:15 Debug] IdentityServer4.Startup
Login Url: /Account/Login

[09:22:15 Debug] IdentityServer4.Startup
Login Return Url Parameter: ReturnUrl

[09:22:15 Debug] IdentityServer4.Startup
Logout Url: /Account/Logout

[09:22:15 Debug] IdentityServer4.Startup
ConsentUrl Url: /consent

[09:22:15 Debug] IdentityServer4.Startup
Consent Return Url Parameter: returnUrl

[09:22:15 Debug] IdentityServer4.Startup
Error Url: /home/error

[09:22:15 Debug] IdentityServer4.Startup
Error Id Parameter: errorId

[09:22:15 Debug] IdentityServer4.Hosting.EndpointRouter
Request path /.well-known/openid-configuration matched to endpoint type Discovery

[09:22:15 Debug] IdentityServer4.Hosting.EndpointRouter
Endpoint enabled: Discovery, successfully created handler: IdentityServer4.Endpoints.DiscoveryEndpoint

[09:22:15 Information] IdentityServer4.Hosting.IdentityServerMiddleware
Invoking IdentityServer endpoint: IdentityServer4.Endpoints.DiscoveryEndpoint for /.well-known/openid-configuration

[09:22:15 Debug] IdentityServer4.Endpoints.DiscoveryEndpoint
Start discovery request

[09:22:29 Debug] IdentityServer4.Hosting.EndpointRouter
Request path /connect/authorize matched to endpoint type Authorize

[09:22:29 Debug] IdentityServer4.Hosting.EndpointRouter
Endpoint enabled: Authorize, successfully created handler: IdentityServer4.Endpoints.AuthorizeEndpoint

[09:22:29 Information] IdentityServer4.Hosting.IdentityServerMiddleware
Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeEndpoint for /connect/authorize

[09:22:29 Debug] IdentityServer4.Endpoints.AuthorizeEndpoint
Start authorize request

[09:22:30 Debug] IdentityServer4.Endpoints.AuthorizeEndpoint
No user present in authorize request

[09:22:30 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Start authorize request protocol validation

[09:22:30 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client f26ee5d6-de33-4375-bc79-54550efa43d9.local.app succeeded.

[09:22:30 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Checking for PKCE parameters

[09:22:30 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
No PKCE used.

[09:22:30 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator

[09:22:30 Debug] IdentityServer4.Endpoints.AuthorizeEndpoint
ValidatedAuthorizeRequest
{"ClientId": "f26ee5d6-de33-4375-bc79-54550efa43d9.local.app", "ClientName": "Postman", "RedirectUri": "https://www.getpostman.com/oauth2/callback", "AllowedRedirectUris": ["https://www.getpostman.com/oauth2/callback"], "SubjectId": "anonymous", "ResponseType": "code", "ResponseMode": "query", "GrantType": "authorization_code", "RequestedScopes": "openid profile", "State": null, "UiLocales": null, "Nonce": null, "AuthenticationContextReferenceClasses": null, "DisplayMode": null, "PromptMode": null, "MaxAge": null, "LoginHint": null, "SessionId": null, "Raw": {"response_type": "code", "state": "", "client_id": "f26ee5d6-de33-4375-bc79-54550efa43d9.local.app", "scope": "openid profile", "redirect_uri": "https://www.getpostman.com/oauth2/callback"}, "$type": "AuthorizeRequestValidationLog"}

[09:22:30 Information] IdentityServer4.ResponseHandling.AuthorizeInteractionResponseGenerator
Showing login: User is not authenticated

[09:22:30 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Start authorize request protocol validation

[09:22:30 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client f26ee5d6-de33-4375-bc79-54550efa43d9.local.app succeeded.

[09:22:30 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Checking for PKCE parameters

[09:22:30 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
No PKCE used.

[09:22:30 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator

[09:22:30 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client f26ee5d6-de33-4375-bc79-54550efa43d9.local.app succeeded.

[09:22:39 Debug] IdentityServer4.Hosting.CorsPolicyProvider
CORS request made for path: /Account/Login from origin: null but was ignored because path was not for an allowed IdentityServer CORS endpoint

[09:22:39 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Start authorize request protocol validation

[09:22:39 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client f26ee5d6-de33-4375-bc79-54550efa43d9.local.app succeeded.

[09:22:39 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Checking for PKCE parameters

[09:22:39 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
No PKCE used.

[09:22:39 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator

[09:22:39 Debug] IdentityServer4.Hosting.IdentityServerAuthenticationService
Augmenting SignInContext

[09:22:39 Debug] IdentityServer4.Hosting.IdentityServerAuthenticationService
Adding idp claim with value: local

[09:22:39 Debug] IdentityServer4.Hosting.IdentityServerAuthenticationService
Adding amr claim with value: pwd

[09:22:39 Information] Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler
AuthenticationScheme: idsrv signed in.

[09:22:39 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client f26ee5d6-de33-4375-bc79-54550efa43d9.local.app succeeded.

[09:22:39 Debug] IdentityServer4.Hosting.EndpointRouter
Request path /connect/authorize/callback matched to endpoint type Authorize

[09:22:39 Debug] IdentityServer4.Hosting.EndpointRouter
Endpoint enabled: Authorize, successfully created handler: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint

[09:22:39 Information] IdentityServer4.Hosting.IdentityServerMiddleware
Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint for /connect/authorize/callback

[09:22:39 Debug] IdentityServer4.Endpoints.AuthorizeCallbackEndpoint
Start authorize callback request

[09:22:39 Debug] IdentityServer4.Endpoints.AuthorizeCallbackEndpoint
No user present in authorize request

[09:22:39 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Start authorize request protocol validation

[09:22:39 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client f26ee5d6-de33-4375-bc79-54550efa43d9.local.app succeeded.

[09:22:39 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Checking for PKCE parameters

[09:22:39 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
No PKCE used.

[09:22:39 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator

[09:22:39 Debug] IdentityServer4.Endpoints.AuthorizeCallbackEndpoint
ValidatedAuthorizeRequest
{"ClientId": "f26ee5d6-de33-4375-bc79-54550efa43d9.local.app", "ClientName": "Postman", "RedirectUri": "https://www.getpostman.com/oauth2/callback", "AllowedRedirectUris": ["https://www.getpostman.com/oauth2/callback"], "SubjectId": "anonymous", "ResponseType": "code", "ResponseMode": "query", "GrantType": "authorization_code", "RequestedScopes": "openid profile", "State": null, "UiLocales": null, "Nonce": null, "AuthenticationContextReferenceClasses": null, "DisplayMode": null, "PromptMode": null, "MaxAge": null, "LoginHint": null, "SessionId": null, "Raw": {"response_type": "code", "state": "", "client_id": "f26ee5d6-de33-4375-bc79-54550efa43d9.local.app", "scope": "openid profile", "redirect_uri": "https://www.getpostman.com/oauth2/callback"}, "$type": "AuthorizeRequestValidationLog"}

[09:22:39 Information] IdentityServer4.ResponseHandling.AuthorizeInteractionResponseGenerator
Showing login: User is not authenticated

[09:22:39 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Start authorize request protocol validation

[09:22:39 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client f26ee5d6-de33-4375-bc79-54550efa43d9.local.app succeeded.

[09:22:39 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Checking for PKCE parameters

[09:22:39 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
No PKCE used.

[09:22:39 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator

[09:22:39 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client f26ee5d6-de33-4375-bc79-54550efa43d9.local.app succeeded.

[09:22:46 Debug] IdentityServer4.Hosting.CorsPolicyProvider
CORS request made for path: /Account/Login from origin: null but was ignored because path was not for an allowed IdentityServer CORS endpoint

[09:22:46 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Start authorize request protocol validation

[09:22:46 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client f26ee5d6-de33-4375-bc79-54550efa43d9.local.app succeeded.

[09:22:46 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Checking for PKCE parameters

[09:22:46 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
No PKCE used.

[09:22:46 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator

[09:22:46 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Start authorize request protocol validation

[09:22:46 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client f26ee5d6-de33-4375-bc79-54550efa43d9.local.app succeeded.

[09:22:46 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Checking for PKCE parameters

[09:22:46 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
No PKCE used.

[09:22:46 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator

[09:22:46 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client f26ee5d6-de33-4375-bc79-54550efa43d9.local.app succeeded.