Note: the project code used is this one. I did a bit of grunt work and captured the traffic of the page-redirect flow for the implicit grant type.

The QuickstartIdentityServer project is published at: 127.0.0.1:5000

The MvcClient project is published at: 127.0.0.1:5002

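The steps below follow the implicit grant type flow in order. Step 0 happens the first time MvcClient fetches the identity server's information, so once the configuration has been retrieved, the normal flow is steps 1-9.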

0 Fetch the identity Server authentication and authorization configuration

GET 127.0.0.1:5000/.well-known/openid-configuration

HTTP/1.1 200 OK
{"issuer":"http://127.0.0.1:5000","jwks_uri":"http://127.0.0.1:5000/.well-known/openid-configuration/jwks","authorization_endpoint":"http://127.0.0.1:5000/connect/authorize","token_endpoint":"http://127.0.0.1:5000/connect/token","userinfo_endpoint":"http://127.0.0.1:5000/connect/userinfo","end_session_endpoint":"http://127.0.0.1:5000/connect/endsession","check_session_iframe":"http://127.0.0.1:5000/connect/checksession","revocation_endpoint":"http://127.0.0.1:5000/connect/revocation","introspection_endpoint":"http://127.0.0.1:5000/connect/introspect","frontchannel_logout_supported":true,"frontchannel_logout_session_supported":true,"backchannel_logout_supported":true,"backchannel_logout_session_supported":true,"scopes_supported":["openid","profile","api1","offline_access"],"claims_supported":["sub","name","family_name","given_name","middle_name","nickname","preferred_username","profile","picture","website","gender","birthdate","zoneinfo","locale","updated_at"],"grant_types_supported":["authorization_code","client_credentials","refresh_token","implicit","password"],"response_types_supported":["code","token","id_token","id_token token","code id_token","code token","code id_token token"],"response_modes_supported":["form_post","query","fragment"],"token_endpoint_auth_methods_supported":["client_secret_basic","client_secret_post"],"subject_types_supported":["public"],"id_token_signing_alg_values_supported":["RS256"],"code_challenge_methods_supported":["plain","S256"]}
-----------------
GET /.well-known/openid-configuration/jwks

HTTP/1.1 200 OK
{"keys":[{"kty":"RSA","use":"sig","kid":"bd30634bfbca33e60053095763302f84","e":"AQAB","n":"ox765ltEHzAQPG4rNR722wh_iWoDkZX8L9ML8QmIIugQxHNH4A8bc2-lWl6q--sxI5bWygDDn3YONiPdnuZHgM6cX0FX_fDg0le9aGBAt2sQdzlZzs51nMfgyiNv1lspzjRlKQeOKfk7tbOBbw8JRDZcudx0DrIx2JWc6eLcHXnGRw_BcaSBkhXVYg6YoCe9JrKSQe0Rnen574C2Oo7hZTDS3U1ol4qFPMBDT6QgbWT0qTEYfqOWhxNrufX7ypEaV85k3gJlL-n3AKh0jtOeYlxbnTtRYfoojpjw4bxat5sS9k-VoFMUf9eZBgSrlAL5aMwURxyeWG_DRKatYvHR8Q","alg":"RS256"}]}

1 Access a protected resource on the client

GET 127.0.0.1:5002/Home/Secure
Referer: http://127.0.0.1:5002/

HTTP/1.1 302 Found
Location: http://127.0.0.1:5000/connect/authorize?client_id=mvc&redirect_uri=http%3A%2F%2F127.0.0.1%3A5002%2Fsignin-oidc&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm&state=CfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs&x-client-SKU=ID_NET&x-client-ver=2.1.4.0
#http://127.0.0.1:5000/connect/authorize?client_id=mvc&redirect_uri=http://127.0.0.1:5002/signin-oidc&response_type=id_token&scope=openid profile&response_mode=form_post&nonce=636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm&state=CfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs&x-client-SKU=ID_NET&x-client-ver=2.1.4.0

2 Redirect to: request authorization from the identity Service

GET 127.0.0.1:5000/connect/authorize?client_id=mvc&redirect_uri=http%3A%2F%2F127.0.0.1%3A5002%2Fsignin-oidc&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm&state=CfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs&x-client-SKU=ID_NET&x-client-ver=2.1.4.0 HTTP/1.1
#connect/authorize?client_id=mvc&redirect_uri=http://127.0.0.1:5002/signin-oidc&response_type=id_token&scope=openid profile&response_mode=form_post&nonce=636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm&state=CfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs&x-client-SKU=ID_NET&x-client-ver=2.1.4.0
Referer: http://127.0.0.1:5002/

HTTP/1.1 302 Found
Location: http://127.0.0.1:5000/account/login?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dmvc%26redirect_uri%3Dhttp%253A%252F%252F127.0.0.1%253A5002%252Fsignin-oidc%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm%26state%3DCfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs%26x-client-SKU%3DID_NET%26x-client-ver%3D2.1.4.0

3 Redirect to: request the identity Service login page

GET 127.0.0.1:5000/account/login?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dmvc%26redirect_uri%3Dhttp%253A%252F%252F127.0.0.1%253A5002%252Fsignin-oidc%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm%26state%3DCfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs%26x-client-SKU%3DID_NET%26x-client-ver%3D2.1.4.0 HTTP/1.1
#
Referer: http://127.0.0.1:5002/

HTTP/1.1 200 OK

<!DOCTYPE html>

4 Submit the login form

POST /account/login?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dmvc%26redirect_uri%3Dhttp%253A%252F%252F127.0.0.1%253A5002%252Fsignin-oidc%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm%26state%3DCfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs%26x-client-SKU%3DID_NET%26x-client-ver%3D2.1.4.0 HTTP/1.1
Referer: http://127.0.0.1:5000/account/login?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dmvc%26redirect_uri%3Dhttp%253A%252F%252F127.0.0.1%253A5002%252Fsignin-oidc%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm%26state%3DCfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs%26x-client-SKU%3DID_NET%26x-client-ver%3D2.1.4.0
Content-Type: application/x-www-form-urlencoded

HTTP/1.1 302 Found
Location: /connect/authorize/callback?client_id=mvc&redirect_uri=http%3A%2F%2F127.0.0.1%3A5002%2Fsignin-oidc&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm&state=CfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs&x-client-SKU=ID_NET&x-client-ver=2.1.4.0

5 Redirect to: request the identity Service user consent page

GET /connect/authorize/callback?client_id=mvc&redirect_uri=http%3A%2F%2F127.0.0.1%3A5002%2Fsignin-oidc&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm&state=CfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs&x-client-SKU=ID_NET&x-client-ver=2.1.4.0 HTTP/1.1
Referer: http://127.0.0.1:5000/account/login?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dmvc%26redirect_uri%3Dhttp%253A%252F%252F127.0.0.1%253A5002%252Fsignin-oidc%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm%26state%3DCfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs%26x-client-SKU%3DID_NET%26x-client-ver%3D2.1.4.0 HTTP/1.1 200 OK
<!DOCTYPE html>

6 Submit the user consent form

POST /consent HTTP/1.1
Referer: http://127.0.0.1:5000/consent?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dmvc%26redirect_uri%3Dhttp%253A%252F%252F127.0.0.1%253A5002%252Fsignin-oidc%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm%26state%3DCfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs%26x-client-SKU%3DID_NET%26x-client-ver%3D2.1.4.0
Cache-Control: max-age=0

HTTP/1.1 302 Found
Location: /connect/authorize/callback?client_id=mvc&redirect_uri=http%3A%2F%2F127.0.0.1%3A5002%2Fsignin-oidc&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm&state=CfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs&x-client-SKU=ID_NET&x-client-ver=2.1.4.0

7 Redirect to: identity Service authorization callback

GET /connect/authorize/callback?client_id=mvc&redirect_uri=http%3A%2F%2F127.0.0.1%3A5002%2Fsignin-oidc&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm&state=CfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs&x-client-SKU=ID_NET&x-client-ver=2.1.4.0 HTTP/1.1
Referer: http://127.0.0.1:5000/consent?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dmvc%26redirect_uri%3Dhttp%253A%252F%252F127.0.0.1%253A5002%252Fsignin-oidc%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm%26state%3DCfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs%26x-client-SKU%3DID_NET%26x-client-ver%3D2.1.4.0
Host: 127.0.0.1:5000
Connection: Keep-Alive
Cookie: .AspNetCore.Antiforgery.YjAxvW2xqCo=CfDJ8KjKmIpVmpVHjwkDwUwE7k1xn6W14nk_E0cRvwWveGwSyaaqD7sS2pSTAE43QsB7xRIVuLBsNiOk9ib-83IIDT874ymk3A6Xg9waHRH8csTfVyxtxMbjarHFfTGS29kDMaBbSQITR9Fj_bgjDLgOXaI; idsrv.session=be16971582a80c99fd0286310cf00363; idsrv=CfDJ8KjKmIpVmpVHjwkDwUwE7k34O8JeSGKhYR40MCwGcWlElGczJ732hBb7D-VSzKh9gz7xwxW0ysAaweb6KafSkOgi4bXHY62o2msxzeoWA5E4uh16QUIo1Flh4GSy-c2sSP2aYdS3r2ljpu8G9ntl7RlJI8qNsuDJLb_EUdueHRaATYfNAJ7BU-N8XnJ87mYPb6CV3HBsUSdjABbPu6biVyI7Spr7BHcHyzbfnUgcxuW63og135jhr-_cmQuFlPVb61xTNcafm4OAYa3ter29I3qj1yZfNQDMqXzwtRaRWMrrFPe4eOZD5daaF8YXT5rzBLZRpZM-bJw9m5SI5FGapVlM4mFhH-bb9BWXrRxIKj-04WRMiBiXxycInIlcbHuRLwNgzCSPIIKCk79UT5gYQfrC1u-ejKoIAMfokdKVtr4dTiiMZMumR2gk-hYExy1q1X2--Z1Vf_lpMGApx5rveg8eb3mhWJi9p8PGWjjCFKqL; ConsentResponse.NEqTdfMa_qlc7u3gFoMYkmGSvsJLSjso3mzLtAL8o1I=CfDJ8KjKmIpVmpVHjwkDwUwE7k2k-7mmBieBu5AEPr9OYTHPmI-QCx1hCbPvGGFhcyWBr18UqTyDbwoeGYBTxHTh0GPF5BOI01qvFUA1WN96EqT15dGN9nUPGXojcOhbH7NW3e5qOjx-NkSGZPspg60t5jVwMXslPqx-M5Shpm_6P9wtDMRXWDkMOoR2r1YVc9kiN22oNB7zJBN6yNDeMnYj0KZ-AOSWpL5ZhQb3zUWXSjld6SgBqw2k6zMcp2SCqgUK9W9mP1sgi6QTqfHF1V4-rK0 HTTP/1.1 200 OK
Set-Cookie: ConsentResponse.NEqTdfMa_qlc7u3gFoMYkmGSvsJLSjso3mzLtAL8o1I=.; expires=Fri, 31 Dec 1999 16:00:00 GMT; path=/; samesite=lax; httponly
Set-Cookie: idsrv=CfDJ8KjKmIpVmpVHjwkDwUwE7k0-F0MNdt22QvDnLb_-24iyo2T0beQ9LLPqzS-bm1UY39QbA5HpuMpDfWZfBfm8SGI1vqcwuL7-4RM03nnMf8fyvUBgp5Qjr7CRyL9I83tIK_lx293vQDlH1T_IcImzhyh5J4WGAXnorJKtvvuVwL8Okxf9SekJ5alVFpoxHEHR4Ok_cltkvf8-gaxMgSHTVCdSaFB4FchmcMSjJjMpxHbM4SqNryH4FnBwfJMekDXxqNIUMn6b8QHkN2Js4n0Vlc26AnTdm8n4yuXuDvB0DfTvtlEi5p6pqO3xJevHC2ZT8ryl7cOIqAQqTe94VB5gl3eob2q0q_H2Lk5ONdLVBNIwv6CsWi8RNlsBslDxcFZl1YzU5CK9rQGPOLUCvx0vv-5Ix_BI959MxGK6e_8jBHhkepKja8h38m-OA2UTNJsdDFfFoH8MsDfks1ytjInmOwgt2Fl7LMthLPWMyNVaIzkapIGNN9XDikwPfuGMAhi2Pg; path=/; httponly
Content-Security-Policy: default-src 'none'; frame-ancestors http://127.0.0.1:5002; script-src 'sha256-VuNUSJ59bpCpw62HM2JG/hCyGiqoPN3NqGvNXQPU+rY=';
X-Content-Security-Policy: default-src 'none'; frame-ancestors http://127.0.0.1:5002; script-src 'sha256-VuNUSJ59bpCpw62HM2JG/hCyGiqoPN3NqGvNXQPU+rY=';
Referrer-Policy: no-referrer <form method='post' action='http://127.0.0.1:5002/signin-oidc'><input type='hidden' name='id_token' value='eyJhbGciOiJSUzI1NiIsImtpZCI6ImJkMzA2MzRiZmJjYTMzZTYwMDUzMDk1NzYzMzAyZjg0IiwidHlwIjoiSldUIn0.eyJuYmYiOjE1NDAyODYyMDksImV4cCI6MTU0MDI4NjUwOSwiaXNzIjoiaHR0cDovLzEyNy4wLjAuMTo1MDAwIiwiYXVkIjoibXZjIiwibm9uY2UiOiI2MzY3NTg4MjE2MDY3NjkxNzQuTWpOak1XRmhOVEF0WmpVNU9TMDBNMlF4TFdJMU9XSXRPV1l3TUdOaVpHUTBaV0ZrTXpReE5USmpZVGt0Tm1VNU9DMDBaVEpqTFdGbVpEY3RPVGMzTWpZMU5ESTNOR0ptIiwiaWF0IjoxNTQwMjg2MjA5LCJzaWQiOiJiZTE2OTcxNTgyYTgwYzk5ZmQwMjg2MzEwY2YwMDM2MyIsInN1YiI6IjEiLCJhdXRoX3RpbWUiOjE1NDAyODU5NTMsImlkcCI6ImxvY2FsIiwibmFtZSI6IkFsaWNlIiwid2Vic2l0ZSI6Imh0dHBzOi8vYWxpY2UuY29tIiwiYW1yIjpbInB3ZCJdfQ.egapXpCShj07m2ldf1lRxc-5O6eqElpSvmTjQ9clgi1WxtR6Gf_iNhhIwm5aNQv9pSE9cLUwjg7-3XWfrBPKtKPCgC-N_50nKRW3SDct1NGcr6Yw9UAd049glC7B5WbHa2qAfqy8c61IiGA77r6roXNdvyk6jNGc4cLQHKGfPF-7tIN5ipQvFuXEpwWEYSGrjx8cO2_B3Dvd_eCIuD7ZotEEl0gvq1cn3RlKDT9qrPN_AvYqNRkFwDfLW4BgACo3XTX4fp9H6Y0dHdbfkCuA287nIyrH47U-US-7rbUh2vjyAf7GrJgE1iTl7ltr8FTSmjt0gHZJJMFHHq9CKmVBbg' />
<input type='hidden' name='scope' value='openid profile' />
<input type='hidden' name='state' value='CfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs' />
<input type='hidden' name='session_state' value='46esjgZEyWUfSUkVvHKy8Opvnq0mmY19WfvOfc9BuLE.78306e80b16a34dd965f55cf78237a2d' />
<noscript><button>Click to continue</button></noscript></form><script>(function(){document.forms[0].submit();})();</script>

8 Auto-submitted form: post the form to the client's OpenID sign-in endpoint

POST /signin-oidc HTTP/1.1
Referer: http://127.0.0.1:5000/connect/authorize/callback?client_id=mvc&redirect_uri=http%3A%2F%2F127.0.0.1%3A5002%2Fsignin-oidc&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm&state=CfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs&x-client-SKU=ID_NET&x-client-ver=2.1.4.0
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded

HTTP/1.1 302 Found
Location: http://127.0.0.1:5002/Home/Secure

9 Redirect to: the client's protected resource

GET /Home/Secure HTTP/1.1
Referer: http://127.0.0.1:5000/connect/authorize/callback?client_id=mvc&redirect_uri=http%3A%2F%2F127.0.0.1%3A5002%2Fsignin-oidc&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=636758821606769174.MjNjMWFhNTAtZjU5OS00M2QxLWI1OWItOWYwMGNiZGQ0ZWFkMzQxNTJjYTktNmU5OC00ZTJjLWFmZDctOTc3MjY1NDI3NGJm&state=CfDJ8KjKmIpVmpVHjwkDwUwE7k2bBYcaRX-3MqGRb4aYMIiDg6xYQ2TemJhc-X-F4p2MBnnn502lBw5atZcxsw1UIAeITKmq21JiVx6RwNoSDPY7JZrsw2RWKLl15kxc-YQvRn4Sj4jaLfeWggp9_xfhTHV2SeLb09afuTWwQdoF7bv3D3bVMJBhnuRWOW11jNAydsu8DRsz780ZICylpil_YjaI8i4Gj3X5jwK7HEyt56qv5DgElVLXQQvKXCPex5XEQ-4EK1raVXVgYvO2doAOxtmYpJBH12Y8TNE0uemQbAi7uIGlfSsxtXIxLvVZr43smTHVaBGm76iZLI0fuVlCMPs&x-client-SKU=ID_NET&x-client-ver=2.1.4.0 HTTP/1.1 200 OK
Date: Tue, 23 Oct 2018 09:16:50 GMT
Content-Type: text/html; charset=utf-8
Server: Kestrel
Transfer-Encoding: chunked

<!DOCTYPE html>
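The form posted to /signin-oidc in step 8 is only trustworthy if it is bound to the authorize request from step 1. The sketch below is an added example, not code from the original post or from IdentityServer4/ASP.NET Core: it runs the state, alg, kid, iss, aud, nonce and validity-window checks on a form_post response. The function names are hypothetical, the nonce, state and token are constructed samples with a dummy signature, and the RS256 signature check against the JWKS key from step 0 is assumed to be done by a JOSE library before these claims are trusted.

```python
import base64
import hmac
import json
from urllib.parse import parse_qs, urlsplit

# From the capture: issuer and signing alg (step 0 discovery), kid (step 0 JWKS).
ISSUER = "http://127.0.0.1:5000"
ALLOWED_ALGS = {"RS256"}
JWKS_KIDS = {"bd30634bfbca33e60053095763302f84"}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _decode_segment(segment: str):
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def make_sample_token(claims: dict, alg: str = "RS256") -> str:
    """Constructed id_token for the demo; the signature part is a dummy."""
    header = {"alg": alg, "kid": "bd30634bfbca33e60053095763302f84", "typ": "JWT"}
    parts = [_b64url(json.dumps(p).encode()) for p in (header, claims)]
    return ".".join(parts + [_b64url(b"dummy-signature")])


def _same(a, b) -> bool:
    """Constant-time equality that also rejects missing or empty values."""
    return bool(a) and bool(b) and hmac.compare_digest(str(a).encode(), str(b).encode())


def check_signin_post(authorize_url: str, form: dict, now: int, skew: int = 300) -> list:
    """Names of the checks the step 8 form fails; an empty list means all pass."""
    sent = {k: v[0] for k, v in parse_qs(urlsplit(authorize_url).query).items()}
    failed = [] if _same(form.get("state"), sent.get("state")) else ["state"]
    try:
        head_seg, body_seg, _sig = form.get("id_token", "").split(".")
        header, claims = _decode_segment(head_seg), _decode_segment(body_seg)
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return failed + ["format"]
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return failed + ["format"]
    if str(header.get("alg")) not in ALLOWED_ALGS:  # rejects "none" and HS256
        failed.append("alg")
    if str(header.get("kid")) not in JWKS_KIDS:  # key must be one the server published
        failed.append("kid")
    if claims.get("iss") != ISSUER:
        failed.append("iss")
    aud, client_id = claims.get("aud"), sent.get("client_id")
    if not client_id or client_id not in (aud if isinstance(aud, list) else [aud]):
        failed.append("aud")
    if not _same(claims.get("nonce"), sent.get("nonce")):  # binds token to this login
        failed.append("nonce")
    nbf, exp = claims.get("nbf", 0), claims.get("exp")
    if not (isinstance(nbf, int) and isinstance(exp, int) and nbf - skew <= now < exp + skew):
        failed.append("time")
    return failed


# Constructed sample request and claims (not the captured nonce, state or token).
SAMPLE_URL = ("http://127.0.0.1:5000/connect/authorize?client_id=mvc"
              "&redirect_uri=http%3A%2F%2F127.0.0.1%3A5002%2Fsignin-oidc"
              "&response_type=id_token&scope=openid%20profile"
              "&response_mode=form_post&nonce=sample-nonce-1&state=sample-state-1")
SAMPLE_CLAIMS = {"nbf": 1540286209, "exp": 1540286509, "iss": ISSUER, "aud": "mvc",
                 "nonce": "sample-nonce-1", "iat": 1540286209, "sub": "1"}

if __name__ == "__main__":
    form = {"state": "sample-state-1", "id_token": make_sample_token(SAMPLE_CLAIMS)}
    print(check_signin_post(SAMPLE_URL, form, now=1540286300))
```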

References:

https://identityserver4.readthedocs.io/en/release/index.html

https://aaronparecki.com/oauth-2-simplified/

https://developer.okta.com/blog/2017/06/21/what-the-heck-is-oauth

If you have figured it out and have written it up in Chinese, let me know; I, for one, did not really understand it.
