[OpenIddict.Server.OpenIddictServerDispatcher] The introspection request was rejected because the access token was issued to a different client or for another resource server.
整体站点采用http,单点登录 cookie 共享
[OpenIddict.Server.OpenIddictServerDispatcher] The introspection request was rejected because the access token was issued to a different client or for another resource server.
[2026-01-07 16:51:58.183 +00:00] [INF] [OpenIddict.Server.OpenIddictServerDispatcher] Potentially sensitive application claims were excluded from the introspection response as the client 'EAP' was not explicitly listed as an audience.
[2026-01-07 16:51:58.183 +00:00] [INF] [OpenIddict.Server.OpenIddictServerDispatcher] The response was successfully returned as a JSON document: { "active": true, "iss": "http://10.166.0.106:44390/", "sub": "4d75bb07-b3de-0147-7a5c-3a1d3c88d0e8", "jti": "b66835b5-f0ab-45bd-afec-7d85e4b91e81", "token_type": "Bearer", "token_usage": "access_token", "client_id": "EAP", "iat": 1767804690, "nbf": 1767804690, "exp": 1767808290, "aud": "ControlCenter" }. [2026-01-07 16:51:58.184 +00:00] [INF] [Microsoft.AspNetCore.Hosting.Diagnostics] Request finished HTTP/1.1 POST http://10.166.0.106:44390/connect/introspect - 200 327 application/json;charset=UTF-8 18.7682ms [2026-01-07 16:51:59.429 +00:00] [INF] [Microsoft.AspNetCore.Hosting.Diagnostics] Request starting HTTP/1.1 POST http://10.166.0.106:44390/register-health-check - application/json; charset=utf-8 null [2026-01-07 16:51:59.430 +00:00] [INF] [Microsoft.AspNetCore.Hosting.Diagnostics] Request finished HTTP/1.1 POST http://10.166.0.106:44390/register-health-check - 200 0 null 0.7973ms [2026-01-07 16:52:00.706 +00:00] [INF] [Microsoft.AspNetCore.Hosting.Diagnostics] Request starting HTTP/1.1 POST http://10.166.0.106:44390/register-health-check - application/json; charset=utf-8 null [2026-01-07 16:52:00.707 +00:00] [INF] [Microsoft.AspNetCore.Hosting.Diagnostics] Request finished HTTP/1.1 POST http://10.166.0.106:44390/register-health-check - 200 0 null 1.1336ms [2026-01-07 16:52:02.388 +00:00] [INF] [Microsoft.AspNetCore.Hosting.Diagnostics] Request starting HTTP/1.1 POST http://10.166.0.106:44390/register-health-check - application/json; charset=utf-8 null [2026-01-07 16:52:02.389 +00:00] [INF] [Microsoft.AspNetCore.Hosting.Diagnostics] Request finished HTTP/1.1 POST http://10.166.0.106:44390/register-health-check - 200 0 null 0.9464ms [2026-01-07 16:52:02.443 +00:00] [INF] [Microsoft.AspNetCore.Hosting.Diagnostics] Request starting HTTP/1.1 POST http://10.166.0.106:44390/connect/introspect - application/x-www-form-urlencoded 1339 [2026-01-07 16:52:02.444 +00:00] [INF] [OpenIddict.Server.OpenIddictServerDispatcher] The request URI matched a server endpoint: "Introspection". [2026-01-07 16:52:02.444 +00:00] [INF] [OpenIddict.Server.OpenIddictServerDispatcher] The introspection request was successfully extracted: { "token": "[redacted]", "client_id": "EMS", "client_secret": "[redacted]" }. [2026-01-07 16:52:02.465 +00:00] [INF] [OpenIddict.Server.OpenIddictServerDispatcher] The response was successfully returned as a JSON document: { "active": false }.
Potentially sensitive application claims were excluded from the introspection response as the client 'EAP' was not explicitly listed as an audience.
[OpenIddict.Server.OpenIddictServerDispatcher] The response was successfully returned as a JSON document: {
"active": false
}.
The access_token is not active.
IntrospectAccessToken 在什么情况下使用
1 FeatureManagementModal、PermissionManagementModal等时,没有带上参数吧 MvcCurrentApplicationConfigurationCacheResetEventHandler实现,CurrentUser 是当前操作人吧 await LocalEventBus.PublishAsync( new CurrentApplicationConfigurationCacheResetEventData() ); 2 User => Test, 单一角色权限【用户管理、角色管理】,admin取消角色管理权限,test 5分钟生效。 User =>admin, 单一角色权限【用户管理、角色管理】,admin取消角色管理,刷新页面立刻生效。
3 2 User => Test, 多角色权限 Role1【用户管理】、Role2角色管理,admin取消Test的Role2角色,test 后台5分钟生效,菜单不消失,访问403。
是的,查到了 1 abp AbpApplicationConfigurationController.cs GetAsync AntiForgeryManager.SetCookie(); 2 abp AspNetCoreAbpAntiForgeryManager.cs SetCookie return _antiforgery.GetAndStoreTokens(_httpContextAccessor.HttpContext!).RequestToken!; 3 aspnetcore DefaultAntiforgery.cs GetAndStoreTokens var tokenSet = Serialize(antiforgeryFeature); 4 aspnetcore DefaultAntiforgeryTokenSerializer.cs var unprotectedBytes = _cryptoSystem.Unprotect(tokenBytes); throw new AntiforgeryValidationException(Resources.AntiforgeryToken_DeserializationFailed, innerException);
问下,什么情况下会触发找个错误,是AspNetCoreAbpAntiForgeryManager 的SetCookie 么 [ERR] [Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery] An exception was thrown while deserializing the token. Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery token could not be decrypted. ---> System.Security.Cryptography.CryptographicException: The key {3d2570ea-25e7-4481-b585-2e976de1fd5f} was not found in the key ring. For more information go to https://aka.ms/aspnet/dataprotectionwarning at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status) at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken) --- End of inner exception stack trace --- at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken) at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.GetCookieTokenDoesNotThrow(HttpContext httpContext) [2025-12-24 08:08:42.202 +00:00] [ERR] [Microsoft.EntityFrameworkCore.Database.Transaction] An error occurred using a transaction.
