PKCE代码流(IdentityServer4)中重定向页面的必要性
PKCE代码流(IdentityServer4)中重定向页面的必要性
提问于 2019-12-09 21:02:53
在项目中使用PKCE代码流和IdentityServer4。我在IS4示例中找到了这种轻松的代码:
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Login(LoginInputModel model, string button)
{
// check if we are in the context of an authorization request
var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl);
// the user clicked the "cancel" button
if (button != "login")
{
if (context != null)
{
// if the user cancels, send a result back into IdentityServer as if they
// denied the consent (even if this client does not require consent).
// this will send back an access denied OIDC error response to the client.
await _interaction.GrantConsentAsync(context, ConsentResponse.Denied);
// we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null
if (await _clientStore.IsPkceClientAsync(context.ClientId))
{
// if the client is PKCE then we assume it's native, so this change in how to
// return the response is for better UX for the end user.
return View("Redirect", new RedirectViewModel { RedirectUrl = model.ReturnUrl });
}
return Redirect(model.ReturnUrl);
}
else
{
// since we don't have a valid context, then we just go back to the home page
return Redirect("~/");
}
}所以问题是,为什么我们应该显示重定向页面,以及它如何改善用户体验?Redirec视图上唯一的内容是消息"You now is returned to The application“。你能告诉我这样做的原因吗?或者有必要这样做的情况吗?谢谢!
回答 1
Stack Overflow用户
发布于 2019-12-10 02:33:37
这对于具有自定义重定向URI的本机客户端非常有用。如果你不需要这些代码,你可以随意删除。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/59249510
复制相关文章
相似问题
腾讯云开发者
