IdentityServer error: "idp claim is missing"

Published 2021-02-15 14:30

Question:

An ASP.NET Core project that uses IdentityServer4 throws an error when it redirects to /connect/authorize/callback after the user has logged in. The corresponding error log is:

Unhandled exception: idp claim is missing
System.InvalidOperationException: idp claim is missing
   at IdentityServer4.Extensions.PrincipalExtensions.GetIdentityProvider(IIdentity identity)
   at IdentityServer4.Extensions.PrincipalExtensions.GetIdentityProvider(IPrincipal principal)
   at IdentityServer4.ResponseHandling.AuthorizeInteractionResponseGenerator.ProcessLoginAsync(ValidatedAuthorizeRequest request)
   at IdentityServer4.ResponseHandling.AuthorizeInteractionResponseGenerator.ProcessInteractionAsync(ValidatedAuthorizeRequest request, ConsentResponse consent)
   at IdentityServer4.Endpoints.AuthorizeEndpointBase.ProcessAuthorizeRequestAsync(NameValueCollection parameters, ClaimsPrincipal user, ConsentResponse consent)
   at IdentityServer4.Endpoints.AuthorizeEndpoint.ProcessAsync(HttpContext context)
   at IdentityServer4.Hosting.IdentityServerMiddleware.Invoke(HttpContext context, IEndpointRouter router, IUserSession session, IEventService events, IBackChannelLogoutService backChannelLogoutService)

How can this be fixed?

Answer 1:

Solved it with the code below; for details see the blog post 解决 IdentityServer 授权与登录分离的问题 (Separating authorization from login in IdentityServer).

using System;
using IdentityModel;                 // OidcConstants
using IdentityServer4;               // IdentityServerUser, IdentityServerConstants
using Microsoft.AspNetCore.Authentication;

// Build the principal through IdentityServerUser so that CreatePrincipal()
// emits the idp claim (plus sub, amr and auth_time) that IdentityServer expects.
var isu = new IdentityServerUser(userId.ToString());
isu.IdentityProvider = IdentityServerConstants.LocalIdentityProvider;
isu.AuthenticationMethods.Add(OidcConstants.AuthenticationMethods.Password);
isu.AuthenticationTime = DateTime.UtcNow;

await HttpContext.SignInAsync(
    IdentityServerAuthentication.DefaultScheme,
    isu.CreatePrincipal());

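As an added illustration (not code from the original post or from the IdentityServer4 project), the hand-built principal that triggers the exception above beside the IdentityServerUser-based one that satisfies it, plus a check a login action can run before writing the session cookie. It assumes the IdentityServer4 and IdentityModel packages, IdentityServer4's default cookie scheme rather than ASP.NET Identity, and the hypothetical names LoginSignIn and SignInAsync.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityModel;                       // JwtClaimTypes, OidcConstants
using IdentityServer4;                     // IdentityServerUser, IdentityServerConstants
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Http;

public static class LoginSignIn            // hypothetical helper class
{
    // Failing case: a principal assembled by hand carries only "sub". When the user
    // returns to /connect/authorize/callback, IdentityServer4 calls GetIdentityProvider()
    // on it and throws InvalidOperationException("idp claim is missing").
    public static ClaimsPrincipal BuildBarePrincipal(string userId)
    {
        var identity = new ClaimsIdentity(
            new[] { new Claim(JwtClaimTypes.Subject, userId) }, "pwd");
        return new ClaimsPrincipal(identity);
    }

    // Working case: IdentityServerUser.CreatePrincipal() emits sub, idp, amr and auth_time.
    public static ClaimsPrincipal BuildIdentityServerPrincipal(string userId)
    {
        var user = new IdentityServerUser(userId)
        {
            IdentityProvider = IdentityServerConstants.LocalIdentityProvider, // "local"
            AuthenticationTime = DateTime.UtcNow,
        };
        user.AuthenticationMethods.Add(OidcConstants.AuthenticationMethods.Password); // "pwd"
        return user.CreatePrincipal();
    }

    // Returns the claim types IdentityServer4 expects on its session cookie that are absent.
    public static string[] MissingSessionClaims(ClaimsPrincipal principal)
    {
        var required = new[] { JwtClaimTypes.Subject, JwtClaimTypes.IdentityProvider,
                               JwtClaimTypes.AuthenticationMethod, JwtClaimTypes.AuthenticationTime };
        return required.Where(t => !principal.HasClaim(c => c.Type == t)).ToArray();
    }

    // Refuse to write an incomplete session cookie; the failure then surfaces in the
    // login action instead of later at the authorize callback.
    public static async Task SignInAsync(HttpContext ctx, string userId)
    {
        var principal = BuildIdentityServerPrincipal(userId);
        var missing = MissingSessionClaims(principal);
        if (missing.Length > 0)
            throw new InvalidOperationException("session claims missing: " + string.Join(", ", missing));
        await ctx.SignInAsync(IdentityServerConstants.DefaultCookieAuthenticationScheme, principal);
    }
}
```

Running MissingSessionClaims over BuildBarePrincipal("1") returns idp, amr and auth_time, which is exactly what the stack trace in the question is complaining about.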

Answer 2:

In the OIDC specification for the id_token, idp is not a required claim; iss, sub and the two validity-time fields are the required ones.

The error here is presumably a requirement of the ids4 implementation itself.