0条评论
还没有人评论过~
问题:
一个使用 IdentityServer4 的 ASP.NET Core 项目在完成登录后跳转到 /connect/authorize/callback 时报错,对应的错误日志如下:
Unhandled exception: idp claim is missing
System.InvalidOperationException: idp claim is missing
at IdentityServer4.Extensions.PrincipalExtensions.GetIdentityProvider(IIdentity identity)
at IdentityServer4.Extensions.PrincipalExtensions.GetIdentityProvider(IPrincipal principal)
at IdentityServer4.ResponseHandling.AuthorizeInteractionResponseGenerator.ProcessLoginAsync(ValidatedAuthorizeRequest request)
at IdentityServer4.ResponseHandling.AuthorizeInteractionResponseGenerator.ProcessInteractionAsync(ValidatedAuthorizeRequest request, ConsentResponse consent)
at IdentityServer4.Endpoints.AuthorizeEndpointBase.ProcessAuthorizeRequestAsync(NameValueCollection parameters, ClaimsPrincipal user, ConsentResponse consent)
at IdentityServer4.Endpoints.AuthorizeEndpoint.ProcessAsync(HttpContext context)
at IdentityServer4.Hosting.IdentityServerMiddleware.Invoke(HttpContext context, IEndpointRouter router, IUserSession session, IEventService events, IBackChannelLogoutService backChannelLogoutService)
请问如何解决?
回答1:
通过下面的代码解决了,详见博文 解决 IdentityServer 授权与登录分离的问题
var isu = new IdentityServerUser(userId.ToString());
isu.IdentityProvider = IdentityServerConstants.LocalIdentityProvider;
isu.AuthenticationMethods.Add(OidcConstants.AuthenticationMethods.Password);
isu.AuthenticationTime = DateTime.UtcNow;
await HttpContext.SignInAsync(
IdentityServerAuthentication.DefaultScheme,
isu.CreatePrincipal());
回答2:
OIDC对idtoken的规范中idp并不是必选的,iss,sub以及有效时间两个字段是必选的。
这里报错应该是ids4自身的实现要求的吧。