本文介绍了Identity Server 4 不向控制器返回错误描述的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有一个 Identity server 4 项目,它遵循有关如何显示错误的文档

I have an Identity server 4 project which follows the documentation on how to display the errors

家庭控制器:

public class HomeController : Controller
{
    private readonly IIdentityServerInteractionService _interaction;

    public HomeController(IIdentityServerInteractionService interaction)
    {
        _interaction = interaction;
    }

    public IActionResult Index()
    {
        return View();
    }

    public async Task<IActionResult> Error(string errorId)
    {
        var vm = new ErrorViewModel();
        var message = await _interaction.GetErrorContextAsync(errorId);
        if (message != null)
            vm.Error = message;
        return View("Error", vm);
    }
}

身份服务器本身在日志中提供了一些很好的信息

The Identity server itself is giving some good information in the logs

fail: IdentityServer4.Validation.AuthorizeRequestValidator[0]
      Unknown client or not enabled: 3CCF1B2D-D064-4A1B-BFD4-57E0451575C7.apps.biz
{
        "SubjectId": "anonymous",
        "RequestedScopes": "",
        "Raw": {
          "client_id": "3CCF1B2D-D064-4A1B-BFD4-57E0451575C7.test.apps.biz",
          "redirect_uri": "http://localhost:4200/signin-oidc",
          "response_type": "id_token",
          "scope": "openid profile",
          "response_mode": "form_post",
          "nonce": "636589548258549622.YzMwMzRkNjAtYWU2Ni00ODlmLTg3ZWQtNmRmOThhYjcyN2JlZWFkYjk2MjEtNDAxNC00ZTQ1LWEzZTAtNTZmMWIyNDhkZjg1",
          "state": "CfDJ8FDPGFWZWNNOmnYDxcFlnVDZgaOG1kNakiXQF48y_4gnSxuIVAVQmMJ_4j9SUZz1TXGJDt4-8EKmoxLXuw3SZgyc5fy1ODzdS0Njd68T1W9dGxt8rFNrUF0njKk3XrSRTeJ45geS_uOL4w89OVupVq4UtHVbKxj3UMZLCn4W-BAXpXfo43KIT8RvxICMjbNtvPM1toEmMSlfdic6T6EZoxXpwim919xMLeQCY0S7QZdbc9DFfUfJkVYsLrofiBvQtZLfQjRQNp_7MiYFz_C4IQ7BAupErvZpcNvpBhQJWIt8BKlACVfKLHbvO6M0FKqa9A",
          "x-client-SKU": "ID_NET",
          "x-client-ver": "2.1.4.0"
        }
      }

 fail: IdentityServer4.Validation.AuthorizeRequestValidator[0]
  Invalid redirect_uri: http://localhost:4200/signin-oidc
{
        "ClientId": "testclient",
        "ClientName": "testclient",
        "AllowedRedirectUris": [
          "http://localhost:5002/signin-oidc"
        ],
        "SubjectId": "anonymous",
        "RequestedScopes": "",
        "Raw": {
          "client_id": "testclient",
          "redirect_uri": "http://localhost:4200/signin-oidc",
          "response_type": "code id_token",
          "scope": "openid profile",
          "response_mode": "form_post",
          "nonce": "636589567957415216.ZjYyZTU3MTEtZWRhZi00N2RhLWI1MjQtZThlZjk4NjY2NmJmZDQ4ZmUzNzQtMTI3MS00YTdiLTgzNDUtYThlMWU2NzcxMmM5",
          "state": "CfDJ8FDPGFWZWNNOmnYDxcFlnVByKSJA-wSjaBBIB2p-d1oUhuZNGBiD1gOFpnyxevmIKxNY1Hf15vlbpgLZoEVQ8O7UhyOpR1ANgUhhyl9nL4M63-2am7F1LJf9hwijkS0_WpxxJ-jYHlq4r99fS2tcaPFZjAG_UNjWYgTshD5Kps3czFvJOG04plaCn2zcKCX5AGgTVnxlG7__hi1ifn-xOipynq5nHBIasMT6doCmpjktAqx7AOK4C1D__YbVMkcRhC70qYFCfoSNhpUrROXZobP6GxYXd1y5EEbA_oXJjmePFdEL-MFQp0o5D_H_mXsU1g",
          "x-client-SKU": "ID_NET",
          "x-client-ver": "2.1.4.0"
        }
      }

然而,GetErrorContextAsync 并没有将唯一的信息返回给我的控制器,因此只能向用户显示错误名称.

However the only information isnt returned to my controller by GetErrorContextAsync so only the error name can be displayed to the user.

错误的描述根本没有填写.

The description of the error isn't filled out at all.

我如何获得最少填充的描述?

How do i get at the very least description populated?

我正在寻找一种方式来为这里的开发人员显示一些合理的信息.然而,每个错误都返回了未授权的客户端,所以我不能告诉开发人员这是重定向 URI 和无效客户端 ID 的问题.

I am looking for a way of displaying some sensible information for the developers here. However every error seams to return unauthorized_client so i cant tell the developer that its a problem with the redirect URI vs an invalid client id.

if (vm.Error.Error == "unauthorized_client") vm.Error.ErrorDescription = "Contact plugin developer.";

注意:重定向 URI 似乎确实返回了描述.

Note: Redirect URI one does appear to return a description.

推荐答案

这是有意设计的.您无法访问控制器中 unathorized_client 的原因.

This is intended by design. You can't access to the reason for unathorized_client in your controller.

您还可以查看来源以了解发生了什么.

you can also check the source to see what's going on.

//////////////////////////////////////////////////////////
// check for valid client
//////////////////////////////////////////////////////////
var client = await _clients.FindEnabledClientByIdAsync(request.ClientId);
if (client == null)
{
    LogError("Unknown client or not enabled", request.ClientId, request);
    return Invalid(request, OidcConstants.AuthorizeErrors.UnauthorizedClient);
}

https://github.com/IdentityServer/IdentityServer4/blob/dev/src/IdentityServer4/Validation/AuthorizeRequestValidator.cs#L150

这篇关于Identity Server 4 不向控制器返回错误描述的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

10-21 03:07