如何使用 ExpressJS 针对 mountPath 安装 node-oidc-provider？

Question

我正在使用 node-oidc-provider (v6.29.3) 库构建一个简单的 OIDC Connect 模拟服务，但在尝试针对特定 mountPath 安装提供程序时遇到问题。如果安装在 / 上一切正常，但尝试安装在 /oidc 上不起作用，因为 node-oidc-provider 的内部忽略了 mountPath.

我的设置大致是这样的：

const path = require('path')
const express = require('express')
const { Provider } = require('oidc-provider')

const configuration = require('src/utils/oidc')
const Account = require('src/account')

configuration.findAccount = Account.findAccount
const app = express()

app.set('views', path.join(__dirname, '..', 'views'))
app.set('view engine', 'ejs')

const mountPath = '/oidc'
const issuer = 'http://localhost:3000' + mountPath

const provider = new Provider(issuer, configuration)
app.use(mountPath, provider.callback)

app.listen(3000).then(() => {
  console.log('started')
})

我能够连接到 http://localhost:3000/oidc/.well-known/openid-configuration 并接收

{
  "authorization_endpoint":"http://localhost:3000/oidc/auth",
  "device_authorization_endpoint":"http://localhost:3000/oidc/device/auth",
  "claims_parameter_supported":false,
  "claims_supported":[
    "sub",
    "email",
    "givenName",
    "surname",
    "memberOf",
    "publishers",
    "sid",
    "auth_time",
    "iss"
  ],
  "code_challenge_methods_supported":["S256"],
  "end_session_endpoint":"http://localhost:3000/oidc/session/end",
  "grant_types_supported":[
    "implicit","authorization_code",
    "refresh_token",
    "urn:ietf:params:oauth:grant-type:device_code"
  ],
  "id_token_signing_alg_values_supported":["HS256", "PS256", "RS256", "ES256"],
  "issuer":"http://localhost:3000/oidc",
  "jwks_uri":"http://localhost:3000/oidc/jwks",
  "response_modes_supported":["form_post","fragment","query"],
  "response_types_supported":["code id_token","code","id_token","none"],
  "scopes_supported":["openid","offline_access","email","profile"],
  "subject_types_supported":["public"],
  "token_endpoint_auth_methods_supported":[
    "none",
    "client_secret_basic",
    "client_secret_jwt",
    "client_secret_post",
    "private_key_jwt"
  ],
  "token_endpoint_auth_signing_alg_values_supported":["HS256", "RS256", "PS256", "ES256", "EdDSA"],
  "token_endpoint":"http://localhost:3000/oidc/token",
  "request_object_signing_alg_values_supported":["HS256", "RS256", "PS256", "ES256", "EdDSA"],
  "request_parameter_supported":false,
  "request_uri_parameter_supported":true,
  "require_request_uri_registration":true,
  "userinfo_endpoint":"http://localhost:3000/oidc/me",
  "userinfo_signing_alg_values_supported":["HS256","PS256","RS256","ES256"],
  "introspection_endpoint":"http://localhost:3000/oidc/token/introspection",
  "introspection_endpoint_auth_methods_supported":[
    "none",
    "client_secret_basic",
    "client_secret_jwt",
    "client_secret_post",
    "private_key_jwt"
  ],
  "introspection_endpoint_auth_signing_alg_values_supported":["HS256", "RS256", "PS256", "ES256", "EdDSA"],
  "revocation_endpoint":"http://localhost:3000/oidc/token/revocation",
  "revocation_endpoint_auth_methods_supported":[
    "none",
    "client_secret_basic",
    "client_secret_jwt",
    "client_secret_post",
    "private_key_jwt"
  ],
  "revocation_endpoint_auth_signing_alg_values_supported":["HS256", "RS256", "PS256", "ES256", "EdDSA"],
  "claim_types_supported":["normal"]
}

使用一个简单的测试，我登录并且我的日志显示（正确）

GET /oidc/auth

但随后，它在内部重定向到：

GET /interaction/znBzRfhyoBTCg1cFcLult

我需要内部重定向才能转到

GET /oidc/interaction/znBzRfhyoBTCg1cFcLult

如何告诉 OIDC 提供商通过给定的 mountPath 而不是 / 进行重定向？

Answer 1

您将必须配置 interactions.url 助手。有关详细信息，请参阅 documentation。

稍后您将必须构建自己的 end-user 交互，并且无论如何您都必须配置此助手。