您还可以执行以下操作。我最近用我的 react 应用程序和 nodejs 后端实现了一个
您可以在https://github.com/AzureADQuickStarts/AppModelv2-WebAPI-nodejs/blob/master/node-server/config.js找到BearerStrategyOptions的键值
允许仅供参考我使用了以下公共端点' https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration作为identityMetadata
const BearerStrategyOptions = {
identityMetadata,
clientID,
validateIssuer,
issuer,
passReqToCallback,
allowMultiAudiencesInToken,
audience
};
您可以在https://github.com/AzureADQuickStarts/AppModelv2-WebApp-OpenIDConnect-nodejs/blob/master/config.js找到OIDCStrategyOptions的键值
const OIDCStrategyOptions = {
identityMetadata,
clientID,
responseType,
responseMode,
redirectUrl,
allowHttpForRedirectUrl,
clientSecret,
validateIssuer,
isB2C,
issuer,
passReqToCallback,
scope,
nonceLifetime,
nonceMaxAmount,
useCookieInsteadOfSession,
cookieEncryptionKeys,
clockSkew
};
对于身份验证:
passport.use(
new OIDCStrategy(OIDCStrategyOptions, function(
iss,
sub,
profile,
accessToken,
refreshToken,
done
) {
if (!profile.oid) {
return done(new Error("No oid found"), null);
}
// asynchronous verification, for effect...
process.nextTick(function() {
findByOid(profile.oid, function(err, user) {
if (err) {
return done(err);
}
if (!user) {
// "Auto-registration"
users.push(profile);
// console.log("---------profile----------", profile)
return done(null, profile);
}
// console.log("-----------user---------", user)
return done(null, user);
});
});
})
);
授权:
passport.use(
new BearerStrategy(BearerStrategyOptions, function(token, done) {
console.log("verifying the user");
console.log(token, "was the token retreived");
findByOid(token.oid, function(err, user) {
if (err) {
return done(err);
}
if (!user) {
// "Auto-registration"
console.log(
"User was added automatically as they were new. Their oid is: ",
token.oid
);
users.push(token);
owner = token.oid;
return done(null, token);
}
owner = token.oid;
return done(null, user, token);
});
})
);
并在您的 api 中使用以下代码来授权路由
passport.authenticate('oauth-bearer', {session: false})
完毕!希望这对希望使用的人有所帮助:)passport-azure-ad