IdentityServer nodejs 令牌问题
IdentityServer nodejs token issue
我正在尝试在身份服务器中授权我的 nodejs 服务器。
我在 nodejs 中使用 passport-openidconnect 库。我的 nodejs 代码:
var express = require('express');
var session = require('express-session');
var RedisStore = require('connect-redis')(session);
var Strategy = require('passport-openidconnect').Strategy;
module.exports.configure = function configure(app, passport) {
var auth = {
authorizationURL: 'https://localhost:44333/core/connect/authorize',
tokenURL: 'https://localhost:44333/core/connect/token',
userInfoURL: 'https://localhost:44333/core/connect/userinfo',
clientID: 'NodeJsClient',
clientSecret: 'fakeSecret',
callbackURL: '/auth/callback',
scope: 'openid profile email offline_access',
responseType: "id_token"
};
app.use(session({
secret: 'someSecret',
resave: false,
saveUninitialized: false,
secure: true,
store: new RedisStore({
host: '127.0.0.1',
port: 6379
})
}
));
app.use(passport.initialize());
app.use(passport.session());
passport.use(new Strategy(auth, function (iss, sub, profile, jwtClaims, accessToken, refreshToken, params, verified) {
verified(null, Object.assign({}, profile, {token: accessToken}));
}));
passport.serializeUser(function (user, done) {
done(null, {id: user.id, name: user.displayName, token: user.token});
});
passport.deserializeUser(function (user, done) {
done(null, user);
});
app.get('/auth/login', passport.authenticate('openidconnect', {}));
app.get('/auth/callback', passport.authenticate('openidconnect', {}),
function (req, res) {
if (!req.user) {
throw new Error('user null');
}
res.redirect("/");
}
);
};
身份服务器端:
new Client()
{
ClientId = "NodeJsClient",
ClientName = "Nodejs Demo Client",
AccessTokenType = AccessTokenType.Jwt,
ClientSecrets = new List<Secret>()
{
new Secret("fakeSecret".Sha256())
},
Flow = Flows.AuthorizationCode,
RedirectUris = new List<string>() { "http://localhost:5200/auth/callback" },
AllowedScopes = new List<string>()
{
Constants.StandardScopes.OpenId,
Constants.StandardScopes.Profile,
Constants.StandardScopes.Email,
Constants.StandardScopes.Roles,
Constants.StandardScopes.Address,
Constants.StandardScopes.OfflineAccess
},
AccessTokenLifetime = 3600
}
当我在允许个人数据权限后尝试授权时出现错误:
InternalOAuthError: failed to obtain access token
我发现在我的应用程序的重定向请求中没有令牌。问题出在哪里?你有没有很好的文档化的 nodejs 库来处理
OpenID Connect
我知道问题出在哪里了。 Iside passport-openidconnect 我发现了更详细的错误:"Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE"。按照 this question 中的描述解决了它。此刻的解决方案完全让我满意。
我正在尝试在身份服务器中授权我的 nodejs 服务器。 我在 nodejs 中使用 passport-openidconnect 库。我的 nodejs 代码:
var express = require('express');
var session = require('express-session');
var RedisStore = require('connect-redis')(session);
var Strategy = require('passport-openidconnect').Strategy;
module.exports.configure = function configure(app, passport) {
var auth = {
authorizationURL: 'https://localhost:44333/core/connect/authorize',
tokenURL: 'https://localhost:44333/core/connect/token',
userInfoURL: 'https://localhost:44333/core/connect/userinfo',
clientID: 'NodeJsClient',
clientSecret: 'fakeSecret',
callbackURL: '/auth/callback',
scope: 'openid profile email offline_access',
responseType: "id_token"
};
app.use(session({
secret: 'someSecret',
resave: false,
saveUninitialized: false,
secure: true,
store: new RedisStore({
host: '127.0.0.1',
port: 6379
})
}
));
app.use(passport.initialize());
app.use(passport.session());
passport.use(new Strategy(auth, function (iss, sub, profile, jwtClaims, accessToken, refreshToken, params, verified) {
verified(null, Object.assign({}, profile, {token: accessToken}));
}));
passport.serializeUser(function (user, done) {
done(null, {id: user.id, name: user.displayName, token: user.token});
});
passport.deserializeUser(function (user, done) {
done(null, user);
});
app.get('/auth/login', passport.authenticate('openidconnect', {}));
app.get('/auth/callback', passport.authenticate('openidconnect', {}),
function (req, res) {
if (!req.user) {
throw new Error('user null');
}
res.redirect("/");
}
);
};
身份服务器端:
new Client()
{
ClientId = "NodeJsClient",
ClientName = "Nodejs Demo Client",
AccessTokenType = AccessTokenType.Jwt,
ClientSecrets = new List<Secret>()
{
new Secret("fakeSecret".Sha256())
},
Flow = Flows.AuthorizationCode,
RedirectUris = new List<string>() { "http://localhost:5200/auth/callback" },
AllowedScopes = new List<string>()
{
Constants.StandardScopes.OpenId,
Constants.StandardScopes.Profile,
Constants.StandardScopes.Email,
Constants.StandardScopes.Roles,
Constants.StandardScopes.Address,
Constants.StandardScopes.OfflineAccess
},
AccessTokenLifetime = 3600
}
当我在允许个人数据权限后尝试授权时出现错误:
InternalOAuthError: failed to obtain access token
我发现在我的应用程序的重定向请求中没有令牌。问题出在哪里?你有没有很好的文档化的 nodejs 库来处理
OpenID Connect
我知道问题出在哪里了。 Iside passport-openidconnect 我发现了更详细的错误:"Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE"。按照 this question 中的描述解决了它。此刻的解决方案完全让我满意。