关于隐式和混合流所需的 openid connect:IdentityResources.Profile?

IdentityResources.Profile required for implicit and hybrid flow?

摆弄来自 IdentityServer4 的快速入门示例并阅读我在此页面中遇到的此声明的文档(强调我的):

The OpenID Connect specification specifies a couple of standard
identity resources. The minimum requirement is, that you provide
support for emitting a unique ID for your users - also called the
subject id. This is done by exposing the standard identity resource
called openid

以使用 Quickstart3_ImplicitFlowAuthentication-Solution 为例,我想我只是尝试省略(在项目 QuickstartIdentityServer - 文件 Config.cs)

1
IdentityResources.Profile()

来自 Config.GetIdentityResources

1
IdentityServerConstants.StandardScopes.Profile

来自 MVC 客户端的 AllowedScopes

但是当我尝试调用 Secure-View 时,我得到了这个错误:

Sorry, there was an error : invalid_scope

所以我的问题是,实际上是否需要 ProfileOpenId,我是否忘记更改其他内容以使其正常工作,或者我只是误解了引用的陈述?


我会根据 openid 规范来回答这个问题。

下面提到的关于 scope,

的规范

REQUIRED. OpenID Connect requests MUST contain the openid scope value. If the openid scope value is not present, the behavior is entirely unspecified. Other scope values MAY be present. Scope values used that are not understood by an implementation SHOULD be ignored. See Sections 5.4 and 11 for additional scope values defined by this specification.

你不应该在你的范围配置中删除 IdentityResources.OpenId()

还有关于 profile 范围的流动,

OPTIONAL. This scope value requests access to the End-User's default profile Claims, which are: name, family_name, given_name, middle_name, nickname, preferred_username, profile, picture, website, gender, birthdate, zoneinfo, locale, and updated_at.

虽然配置文件是可选的,但我相信这个示例(ImplicitFlowAuthentication)需要配置文件范围才能正常运行。因此给出了这个错误。