说明:使用项目代码是这个,做了一点体力活:将 implicit grant types(简化授权类型)的页面跳转流程抓了个包。

QuickstartIdentityServer 项目的发布地址:127.0.0.1:5000

MvcClient  项目的发布地址:127.0.0.1:5002

下面的顺序按照implicit grant types 走下来的,0步骤会在 MvcClient  第一次获取identity server信息时发生,所以在获取到配置信息后,正常的流程是1-9。

0 获取 identity Server 认证、授权配置信息

GET 127.0.0.1:5000/.well-known/openid-configuration

HTTP/1.1 200 OK

{"issuer":"http://127.0.0.1:5000","jwks_uri":"http://127.0.0.1:5000/.well-known/openid-configuration/jwks","authorization_endpoint":"http://127.0.0.1:5000/connect/authorize","token_endpoint":"http://127.0.0.1:5000/connect/token","userinfo_endpoint":"http://127.0.0.1:5000/connect/userinfo","end_session_endpoint":"http://127.0.0.1:5000/connect/endsession","check_session_iframe":"http://127.0.0.1:5000/connect/checksession","revocation_endpoint":"http://127.0.0.1:5000/connect/revocation","introspection_endpoint":"http://127.0.0.1:5000/connect/introspect","frontchannel_logout_supported":true,"frontchannel_logout_session_supported":true,"backchannel_logout_supported":true,"backchannel_logout_session_supported":true,"scopes_supported":["openid","profile","api1","offline_access"],"claims_supported":["sub","name","family_name","given_name","middle_name","nickname","preferred_username","profile","picture","website","gender","birthdate","zoneinfo","locale","updated_at"],"grant_types_supported":["authorization_code","client_credentials","refresh_token","implicit","password"],"response_types_supported":["code","token","id_token","id_token token","code id_token","code token","code id_token token"],"response_modes_supported":["form_post","query","fragment"],"token_endpoint_auth_methods_supported":["client_secret_basic","client_secret_post"],"subject_types_supported":["public"],"id_token_signing_alg_values_supported":["RS256"],"code_challenge_methods_supported":["plain","S256"]}

-----------------

GET /.well-known/openid-configuration/jwks 

HTTP/1.1 200 OK

{"keys":[{"kty":"RSA","use":"sig","kid":"bd30634bfbca33e60053095763302f84","e":"AQAB","n":"ox765ltEHzAQPG4rNR722wh_iWoDkZX8L9ML8QmIIugQxHNH4A8bc2-lWl6q--sxI5bWygDDn3YONiPdnuZHgM6cX0FX_fDg0le9aGBAt2sQdzlZzs51nMfgyiNv1lspzjRlKQeOKfk7tbOBbw8JRDZcudx0DrIx2JWc6eLcHXnGRw_BcaSBkhXVYg6YoCe9JrKSQe0Rnen574C2Oo7hZTDS3U1ol4qFPMBDT6QgbWT0qTEYfqOWhxNrufX7ypEaV85k3gJlL-n3AKh0jtOeYlxbnTtRYfoojpjw4bxat5sS9k-VoFMUf9eZBgSrlAL5aMwURxyeWG_DRKatYvHR8Q","alg":"RS256"}]}

1 访问客户端受保护的资源

GET 127.0.0.1:5002/Home/Secure

Referer: http://127.0.0.1:5002/

HTTP/1.1 302 Found

Location: http://127.0.0.1:5000/connect/authorize?client_id=mvc&redirect_uri=http%3A%2F%2F127.0.0.1%3A5002%2Fsignin-oidc&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm&state=CfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs&x-client-SKU=ID_NET&x-client-ver=2.1.4.0

#http://127.0.0.1:5000/connect/authorize?client_id=mvc&redirect_uri=http://127.0.0.1:5002/signin-oidc&response_type=id_token&scope=openid profile&response_mode=form_post&nonce=636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm&state=CfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs&x-client-SKU=ID_NET&x-client-ver=2.1.4.0

2 重定向到:请求identity Service 授权

GET 127.0.0.1:5000/connect/authorize?client_id=mvc&redirect_uri=http%3A%2F%2F127.0.0.1%3A5002%2Fsignin-oidc&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm&state=CfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs&x-client-SKU=ID_NET&x-client-ver=2.1.4.0 HTTP/1.1

#connect/authorize?client_id=mvc&redirect_uri=http://127.0.0.1:5002/signin-oidc&response_type=id_token&scope=openid profile&response_mode=form_post&nonce=636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm&state=CfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs&x-client-SKU=ID_NET&x-client-ver=2.1.4.0

Referer: http://127.0.0.1:5002/

HTTP/1.1 302 Found

Location: http://127.0.0.1:5000/account/login?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dmvc%26redirect_uri%3Dhttp%253A%252F%252F127.0.0.1%253A5002%252Fsignin-oidc%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm%26state%3DCfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs%26x-client-SKU%3DID_NET%26x-client-ver%3D2.1.4.0

3 重定向到:请求 identity Service 登录页面

GET 127.0.0.1:5000/account/login?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dmvc%26redirect_uri%3Dhttp%253A%252F%252F127.0.0.1%253A5002%252Fsignin-oidc%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm%26state%3DCfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs%26x-client-SKU%3DID_NET%26x-client-ver%3D2.1.4.0 HTTP/1.1

#

Referer: http://127.0.0.1:5002/

HTTP/1.1 200 OK

<!DOCTYPE html>

4 提交登录表单

POST /account/login?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dmvc%26redirect_uri%3Dhttp%253A%252F%252F127.0.0.1%253A5002%252Fsignin-oidc%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm%26state%3DCfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs%26x-client-SKU%3DID_NET%26x-client-ver%3D2.1.4.0 HTTP/1.1

Referer: http://127.0.0.1:5000/account/login?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dmvc%26redirect_uri%3Dhttp%253A%252F%252F127.0.0.1%253A5002%252Fsignin-oidc%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm%26state%3DCfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs%26x-client-SKU%3DID_NET%26x-client-ver%3D2.1.4.0

Content-Type: application/x-www-form-urlencoded

HTTP/1.1 302 Found

Location: /connect/authorize/callback?client_id=mvc&redirect_uri=http%3A%2F%2F127.0.0.1%3A5002%2Fsignin-oidc&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm&state=CfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs&x-client-SKU=ID_NET&x-client-ver=2.1.4.0

5 重定向到:请求 identity Service 用户同意页面

GET /connect/authorize/callback?client_id=mvc&redirect_uri=http%3A%2F%2F127.0.0.1%3A5002%2Fsignin-oidc&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm&state=CfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs&x-client-SKU=ID_NET&x-client-ver=2.1.4.0 HTTP/1.1

Referer: http://127.0.0.1:5000/account/login?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dmvc%26redirect_uri%3Dhttp%253A%252F%252F127.0.0.1%253A5002%252Fsignin-oidc%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm%26state%3DCfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs%26x-client-SKU%3DID_NET%26x-client-ver%3D2.1.4.0

HTTP/1.1 200 OK

<!DOCTYPE html>

6 提交 用户同意表单

POST /consent HTTP/1.1

Referer: http://127.0.0.1:5000/consent?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dmvc%26redirect_uri%3Dhttp%253A%252F%252F127.0.0.1%253A5002%252Fsignin-oidc%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm%26state%3DCfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs%26x-client-SKU%3DID_NET%26x-client-ver%3D2.1.4.0

Cache-Control: max-age=0

HTTP/1.1 302 Found

Location: /connect/authorize/callback?client_id=mvc&redirect_uri=http%3A%2F%2F127.0.0.1%3A5002%2Fsignin-oidc&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm&state=CfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs&x-client-SKU=ID_NET&x-client-ver=2.1.4.0

7 重定向到:identity Service 授权回调

GET /connect/authorize/callback?client_id=mvc&redirect_uri=http%3A%2F%2F127.0.0.1%3A5002%2Fsignin-oidc&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm&state=CfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs&x-client-SKU=ID_NET&x-client-ver=2.1.4.0 HTTP/1.1

Referer: http://127.0.0.1:5000/consent?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dmvc%26redirect_uri%3Dhttp%253A%252F%252F127.0.0.1%253A5002%252Fsignin-oidc%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm%26state%3DCfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs%26x-client-SKU%3DID_NET%26x-client-ver%3D2.1.4.0

Host: 127.0.0.1:5000

Connection: Keep-Alive

Cookie: .AspNetCore.Antiforgery.YjAxvW2xqCo=CfDJ8KjKmIpVmpVHjwkDwUwE7k1xn6W14nk_E0cRvwWveGwSyaaqD7sS2pSTAE43QsB7xRIVuLBsNiOk9ib-83IIDT874ymk3A6Xg9waHRH8csTfVyxtxMbjarHFfTGS29kDMaBbSQITR9Fj_bgjDLgOXaI; idsrv.session=be16971582a80c99fd0286310cf00363; idsrv=CfDJ8KjKmIpVmpVHjwkDwUwE7k34O8JeSGKhYR40MCwGcWlElGczJ732hBb7D-VSzKh9gz7xwxW0ysAaweb6KafSkOgi4bXHY62o2msxzeoWA5E4uh16QUIo1Flh4GSy-c2sSP2aYdS3r2ljpu8G9ntl7RlJI8qNsuDJLb_EUdueHRaATYfNAJ7BU-N8XnJ87mYPb6CV3HBsUSdjABbPu6biVyI7Spr7BHcHyzbfnUgcxuW63og135jhr-_cmQuFlPVb61xTNcafm4OAYa3ter29I3qj1yZfNQDMqXzwtRaRWMrrFPe4eOZD5daaF8YXT5rzBLZRpZM-bJw9m5SI5FGapVlM4mFhH-bb9BWXrRxIKj-04WRMiBiXxycInIlcbHuRLwNgzCSPIIKCk79UT5gYQfrC1u-ejKoIAMfokdKVtr4dTiiMZMumR2gk-hYExy1q1X2--Z1Vf_lpMGApx5rveg8eb3mhWJi9p8PGWjjCFKqL; ConsentResponse.NEqTdfMa_qlc7u3gFoMYkmGSvsJLSjso3mzLtAL8o1I=CfDJ8KjKmIpVmpVHjwkDwUwE7k2k-7mmBieBu5AEPr9OYTHPmI-QCx1hCbPvGGFhcyWBr18UqTyDbwoeGYBTxHTh0GPF5BOI01qvFUA1WN96EqT15dGN9nUPGXojcOhbH7NW3e5qOjx-NkSGZPspg60t5jVwMXslPqx-M5Shpm_6P9wtDMRXWDkMOoR2r1YVc9kiN22oNB7zJBN6yNDeMnYj0KZ-AOSWpL5ZhQb3zUWXSjld6SgBqw2k6zMcp2SCqgUK9W9mP1sgi6QTqfHF1V4-rK0

HTTP/1.1 200 OK

Set-Cookie: ConsentResponse.NEqTdfMa_qlc7u3gFoMYkmGSvsJLSjso3mzLtAL8o1I=.; expires=Fri, 31 Dec 1999 16:00:00 GMT; path=/; samesite=lax; httponly

Set-Cookie: idsrv=CfDJ8KjKmIpVmpVHjwkDwUwE7k0-F0MNdt22QvDnLb_-24iyo2T0beQ9LLPqzS-bm1UY39QbA5HpuMpDfWZfBfm8SGI1vqcwuL7-4RM03nnMf8fyvUBgp5Qjr7CRyL9I83tIK_lx293vQDlH1T_IcImzhyh5J4WGAXnorJKtvvuVwL8Okxf9SekJ5alVFpoxHEHR4Ok_cltkvf8-gaxMgSHTVCdSaFB4FchmcMSjJjMpxHbM4SqNryH4FnBwfJMekDXxqNIUMn6b8QHkN2Js4n0Vlc26AnTdm8n4yuXuDvB0DfTvtlEi5p6pqO3xJevHC2ZT8ryl7cOIqAQqTe94VB5gl3eob2q0q_H2Lk5ONdLVBNIwv6CsWi8RNlsBslDxcFZl1YzU5CK9rQGPOLUCvx0vv-5Ix_BI959MxGK6e_8jBHhkepKja8h38m-OA2UTNJsdDFfFoH8MsDfks1ytjInmOwgt2Fl7LMthLPWMyNVaIzkapIGNN9XDikwPfuGMAhi2Pg; path=/; httponly

Content-Security-Policy: default-src 'none'; frame-ancestors http://127.0.0.1:5002; script-src 'sha256-VuNUSJ59bpCpw62HM2JG/hCyGiqoPN3NqGvNXQPU+rY=';

X-Content-Security-Policy: default-src 'none'; frame-ancestors http://127.0.0.1:5002; script-src 'sha256-VuNUSJ59bpCpw62HM2JG/hCyGiqoPN3NqGvNXQPU+rY=';

Referrer-Policy: no-referrer

<form method='post' action='http://127.0.0.1:5002/signin-oidc'><input type='hidden' name='id_token' value='eyJhbGciOiJSUzI1NiIsImtpZCI6ImJkMzA2MzRiZmJjYTMzZTYwMDUzMDk1NzYzMzAyZjg0IiwidHlwIjoiSldUIn0.eyJuYmYiOjE1NDAyODYyMDksImV4cCI6MTU0MDI4NjUwOSwiaXNzIjoiaHR0cDovLzEyNy4wLjAuMTo1MDAwIiwiYXVkIjoibXZjIiwibm9uY2UiOiI2MzY3NTg4MjE2MDY3NjkxNzQuTWpOak1XRmhOVEF0WmpVNU9TMDBNMlF4TFdJMU9XSXRPV1l3TUdOaVpHUTBaV0ZrTXpReE5USmpZVGt0Tm1VNU9DMDBaVEpqTFdGbVpEY3RPVGMzTWpZMU5ESTNOR0ptIiwiaWF0IjoxNTQwMjg2MjA5LCJzaWQiOiJiZTE2OTcxNTgyYTgwYzk5ZmQwMjg2MzEwY2YwMDM2MyIsInN1YiI6IjEiLCJhdXRoX3RpbWUiOjE1NDAyODU5NTMsImlkcCI6ImxvY2FsIiwibmFtZSI6IkFsaWNlIiwid2Vic2l0ZSI6Imh0dHBzOi8vYWxpY2UuY29tIiwiYW1yIjpbInB3ZCJdfQ.egapXpCShj07m2ldf1lRxc-5O6eqElpSvmTjQ9clgi1WxtR6Gf_iNhhIwm5aNQv9pSE9cLUwjg7-3XWfrBPKtKPCgC-N_50nKRW3SDct1NGcr6Yw9UAd049glC7B5WbHa2qAfqy8c61IiGA77r6roXNdvyk6jNGc4cLQHKGfPF-7tIN5ipQvFuXEpwWEYSGrjx8cO2_B3Dvd_eCIuD7ZotEEl0gvq1cn3RlKDT9qrPN_AvYqNRkFwDfLW4BgACo3XTX4fp9H6Y0dHdbfkCuA287nIyrH47U-US-7rbUh2vjyAf7GrJgE1iTl7ltr8FTSmjt0gHZJJMFHHq9CKmVBbg' />

<input type='hidden' name='scope' value='openid profile' />

<input type='hidden' name='state' value='CfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs' />

<input type='hidden' name='session_state' value='46esjgZEyWUfSUkVvHKy8Opvnq0mmY19WfvOfc9BuLE.78306e80b16a34dd965f55cf78237a2d' />

<noscript><button>Click to continue</button></noscript></form><script>(function(){document.forms[0].submit();})();</script>

8 自动提交表单:提交表单到客户端 openid 登录入口

POST /signin-oidc HTTP/1.1

Referer: http://127.0.0.1:5000/connect/authorize/callback?client_id=mvc&redirect_uri=http%3A%2F%2F127.0.0.1%3A5002%2Fsignin-oidc&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm&state=CfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs&x-client-SKU=ID_NET&x-client-ver=2.1.4.0

Cache-Control: max-age=0

Content-Type: application/x-www-form-urlencoded

HTTP/1.1 302 Found

Location: http://127.0.0.1:5002/Home/Secure

9 重定向到:客户端受保护资源

GET /Home/Secure HTTP/1.1

Referer: http://127.0.0.1:5000/connect/authorize/callback?client_id=mvc&redirect_uri=http%3A%2F%2F127.0.0.1%3A5002%2Fsignin-oidc&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm&state=CfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs&x-client-SKU=ID_NET&x-client-ver=2.1.4.0

HTTP/1.1 200 OK

Date: Tue, 23 Oct 2018 09:16:50 GMT

Content-Type: text/html; charset=utf-8

Server: Kestrel

Transfer-Encoding: chunked

<!DOCTYPE html>

可以参考:

https://identityserver4.readthedocs.io/en/release/index.html

https://aaronparecki.com/oauth-2-simplified/

https://developer.okta.com/blog/2017/06/21/what-the-heck-is-oauth

如果你们看明白了,而且写成中文可以告诉我,反正我是没怎么明白。

indetityserver4-implicit-grant-types-请求流程叙述-上篇的更多相关文章

  1. zookeeper源码分析之五服务端(集群leader)处理请求流程

    leader的实现类为LeaderZooKeeperServer,它间接继承自标准ZookeeperServer.它规定了请求到达leader时需要经历的路径: PrepRequestProcesso ...

  2. OAuth2.0学习(1-5)授权方式2-简化模式(implicit grant type)

    授权方式2-简化模式(implicit grant type) 简化模式(implicit grant type)不通过第三方应用程序的服务器,直接在浏览器中向认证服务器申请令牌,跳过了"授 ...

  3. OAuth2.0和企业内部统一登录,token验证方式,OAuth2.0的 Authorization code grant 和 Implicit grant区别

    统一登录是个很多应用系统都要考虑的问题,多个项目的话最好前期进行统一设计,否则后面改造兼容很麻烦: cas认证的方式:新公司都是老项目,用的是cas认证的方式,比较重而且依赖较多,winform的项目 ...

  4. 配置Postman通过OAuth 2 implicit grant获取Dynamics 365 CE Online实例的Access Token

    微软动态CRM专家罗勇 ,回复335或者20190516可方便获取本文,同时可以在第一间得到我发布的最新博文信息,follow me. 对于测试Web API, Get 类型,不需要设定特别reque ...

  5. ASP.NET MVC学前篇之请求流程

    ASP.NET MVC学前篇之请求流程 请求流程描述 对于请求的流程,文章的重点是讲HttpApplication和HttpModule之间的关系,以及一个简单的示例实现.(HttpModule又是M ...

  6. MVC视图请求流程视图

    /*         *视图请求流程         *当接受到home/index请求时         *先去找viewstart.cshtml视图,再去加载index.cshtml视图      ...

  7. HTTP请求流程(一)----流程简介

    最近一直在研究如何让asp.net实现上传大文件的功能,所以都没怎么写技术类的文章了.可惜的是至今还没研究出来,惭愧~~~.不过因为这样,也了解了一下http消息请求的大致过程.我就先简单介绍下,然后 ...

  8. [转】:HTTP请求流程(一)----流程简介

    http://www.cnblogs.com/stg609/archive/2008/07/06/1236966.html HTTP请求流程(一)----流程简介 最近一直在研究如何让asp.net实 ...

  9. django源码分析 请求流程

    一.从浏览器发出一个请求,到返回响应内容,这个过程是怎么样的? 1. 浏览器解析输入的url 2. 查找url对应的ip地址 3. 通过ip地址访问我们的服务器 1.  请求进入wsgi服务器(我在这 ...

随机推荐

  1. POJ - 2251 Dungeon Master(搜索)

    You are trapped in a 3D dungeon and need to find the quickest way out! The dungeon is composed of un ...

  2. AWVS 安全渗透扫描

    1.打开软件,点击 New Scan 2.在 website url 中输入被扫描的网址,点击 next 3.在 scanning profile 中选择测试的漏洞类型,默认选择 default(默认 ...

  3. Spring Framework 之AOP

    Spring Framework 之AOP 目录 Spring Framework 之AOP 问题 AOP概述 AOP知识 1.连接点(Joinpoint) 2.切点(PointCut) 3.增强(A ...

  4. Node 内存泄漏排查案例

    背景 在阿里云上看到我运行了一段时间的程序,发现 memory 一项基本是在稳步提升,就知道有内存泄漏的情况出现.如下图 近三日从 35% 升到 40%,缓慢而坚定的提升. 代码 排查此问题需要分析其 ...

  5. C. p-binary(二进制暴力)

    \(设最后的答案为t,那么有\) $$2^+2^+...2^+tp=n$$ \(那我们完全可以枚举这个t,判断n-tp(我们下面记为z)能刚好被t个二进制表示\) \(首先,z如果小于t,那一定无法表 ...

  6. E. XOR Guessing 交互题 Educational Codeforces Round 71 (Rated for Div. 2)

    E. XOR Guessing 交互题. 因为这个数最多只有14位 0~13,所以我们可以先处理后面7位,然后再处理后面7位. 因为异或的性质,如果一个数和0异或,那么就等于本身. 所以我们第一次异或 ...

  7. 在Qsys中创建用户自定义IP

    在SOC FPGA的设计中,必须使用Qsys软件才能将ARM和FPGA之间的接口引入到FPGA设计中.为了设计上的方便,客户经常希望将Qsys中的一些接口信号引入到FPGA顶层设计文件中.本文以Ava ...

  8. [hdu3068 最长回文]Manacher算法,O(N)求最长回文子串

    题目链接:http://acm.hdu.edu.cn/showproblem.php?pid=3068 题意:求一个字符串的最长回文子串 思路: 枚举子串的两个端点,根据回文串的定义来判断其是否是回文 ...

  9. 微信小程序云开发|Error: ResourceNotFound.FunctionName, FunctionName 指定的资源不存在。 (41cd9de8-ff9b-4b1e-a65e-81ae9

    今天在上传云函数部署的时候老发现上传login 失败   ... 经过查阅资料有两种方法可行: 云函数上传后不要轻易删除!!! 1.重启客户端 2.最好的解决方法在云平台开发创建一个新的云函数覆盖就o ...

  10. Selenium + Python + Chrome 自动化测试 环境搭建

    一.下载Python 相关的教程很多,此处不详细记录了,下面是官网下载地址: https://www.python.org/downloads/ 我使用的python版本为 Python 3.6.1 ...