Razor .net Core 3.1与IdentityServer4

我知道在不同的帖子中讨论了这个主题,但是我没有找到解决问题的答案。

我正在使用.net core 3.1和IdentityServer4做POC。

目前,我有一个带IdentityServer4的Auth服务器和一个.net核心中的控制台应用程序。这种组合有效,我没有问题。

下一步是做一个空白网站,以查看身份验证如何与IdentityServer4一起使用。我已经在我的Auth服务器中添加了一个客户端,并且也做了该网站,当我尝试使用模型[Authorize]访问页面时,我收到了消息:。

抱歉,出现错误:invalid_scope      无效的范围

这是我设置客户的地方:

public static IEnumerable<Client> GetClients()
    {
        return new List<Client>
        {
            new Client
            {
                ClientId = "consoleappclient",
                AllowedGrantTypes = GrantTypes.ClientCredentials,
                ClientSecrets =
                {
                    new Secret("secret".Sha256())
                },
                AllowedScopes = { "bxsecurityapi" }
            },
             // OpenID Connect implicit flow client (MVC)
            new Client
            {
                ClientId = "razorappclient",
                ClientName = "Razor Client",
                AllowedGrantTypes = GrantTypes.Implicit,

                RedirectUris = { "https://localhost:5005/signin-oidc" },
                PostLogoutRedirectUris = { "https://localhost:5005/signout-callback-oidc" },

                AllowedScopes =
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile,
                    IdentityServerConstants.StandardScopes.Email,
                }
            }
        };
    }

这是我的客户:

public void ConfigureServices(IServiceCollection services)
    {
        services.AddRazorPages();

        services.Configure<CookiePolicyOptions>(options =>
        {
            // This lambda determines whether user consent for non-essential cookies is needed for a given request.
            options.CheckConsentNeeded = context => true;
            options.MinimumSameSitePolicy = SameSiteMode.None;
        });

        JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

        services.AddAuthentication(options =>
        {
            options.DefaultScheme = "Cookies";
            options.DefaultChallengeScheme = "oidc";
        })
            .AddCookie("Cookies")
            .AddOpenIdConnect("oidc", options =>
            {
                options.SignInScheme = "Cookies";

                options.Authority = "https://localhost:5001";
                options.RequireHttpsMetadata = false;

                options.Scope.Add("openid");

                options.ClientId = "razorappclient";
                options.SaveTokens = true;
            });
    }

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Error");
            // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
            app.UseHsts();
        }

        app.UseHttpsRedirection();
        app.UseAuthentication();
        app.UseStaticFiles();
        app.UseCookiePolicy();

        app.UseRouting();

        app.UseAuthorization();

        app.UseEndpoints(endpoints =>
        {
            endpoints.MapRazorPages();
        });
    }

先感谢您