IdentityServer4 遇到的坑

1.Error connecting to http://..../.well-known/openid-configuration. HTTPS required.

　　部署IdentityServer4 之后遇到的坑

　　参考 https://www.cnblogs.com/stulzq/p/9594623.html

　　IdentityServer4解决办法

　　

 

2.在identityServer 服务端登录后重定向时，遇到错误 http://localhost:56468/signin-oidc signin-oidc 报404

 

　　需要在Startup.cs 中 Configure 启动 添加 app.UseAuthentication(); 中间件，最好放在app.UseAuthorization() 之前

3.Correlation failed.  错误如下

　　

　　这是由谷歌内核浏览器 cookie 策略引起的，参考 http://www.ruanyifeng.com/blog/2019/09/cookie-samesite.html

　　a.换一个不是谷歌内核的浏览器

　　b.如下

 　　代码如下

services.Configure<CookiePolicyOptions>(options =>
            {
                options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
                options.Secure = CookieSecurePolicy.SameAsRequest;
                options.OnAppendCookie = cookieContext =>
                    AuthenticationHelpers.CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
                options.OnDeleteCookie = cookieContext =>
                    AuthenticationHelpers.CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
            });

　　参考具体代码  

　　https://github.com/skoruba/IdentityServer4.Admin/blob/master/src/Skoruba.IdentityServer4.Shared/Authentication/AuthenticationHelpers.cs

public static class AuthenticationHelpers
    {
        public static void CheckSameSite(HttpContext httpContext, CookieOptions options)
        {
            if (options.SameSite == SameSiteMode.None)
            {
                var userAgent = httpContext.Request.Headers["User-Agent"].ToString();
                if (!httpContext.Request.IsHttps || DisallowsSameSiteNone(userAgent))
                {
                    // For .NET Core < 3.1 set SameSite = (SameSiteMode)(-1)
                    options.SameSite = SameSiteMode.Unspecified;
                }
            }
        }

        public static bool DisallowsSameSiteNone(string userAgent)
        {
            // Cover all iOS based browsers here. This includes:
            // - Safari on iOS 12 for iPhone, iPod Touch, iPad
            // - WkWebview on iOS 12 for iPhone, iPod Touch, iPad
            // - Chrome on iOS 12 for iPhone, iPod Touch, iPad
            // All of which are broken by SameSite=None, because they use the iOS networking stack
            if (userAgent.Contains("CPU iPhone OS 12") || userAgent.Contains("iPad; CPU OS 12"))
            {
                return true;
            }

            // Cover Mac OS X based browsers that use the Mac OS networking stack. This includes:
            // - Safari on Mac OS X.
            // This does not include:
            // - Chrome on Mac OS X
            // Because they do not use the Mac OS networking stack.
            if (userAgent.Contains("Macintosh; Intel Mac OS X 10_14") &&
                userAgent.Contains("Version/") && userAgent.Contains("Safari"))
            {
                return true;
            }

            // Cover Chrome 50-69, because some versions are broken by SameSite=None, 
            // and none in this range require it.
            // Note: this covers some pre-Chromium Edge versions, 
            // but pre-Chromium Edge does not require SameSite=None.
            if (userAgent.Contains("Chrome/5") || userAgent.Contains("Chrome/6"))
            {
                return true;
            }

            return false;
        }
    }

4. 错误 OpenIdConnectProtocolException: 'access_denied' 或者 OpenIdConnectProtocolException: Message contains error: 'invalid_client',

　　

 　　解决办法 

 　　

　　检测你的秘钥是否正确

　　

　　这才是秘钥。

 5.默认情况下 HttpContext.User.Claims中是不带用户授权的一些身份信息的

　　1.解决办法

　　

　　2. 开源的客户端