2

我正在使用https://github.com/AzureAD/passport-azure-ad插件来使用 Azure AD Graph API。

我的 package.json 中的依赖关系

"passport-azure-ad": "^3.0.12"

我参考了此处提供的示例:https ://github.com/AzureADQuickStarts/WebApp-OpenIDConnect-NodeJS

我能够做到auth& 得到access_token& refresh_token。但是最后一个参数给出了一个错误,因为

TypeError: done is not a function

我的代码是使用 Typescript 我的策略代码编写的:

  passport.use( new OIDCStrategy( {
    identityMetadata: "https://login.microsoftonline.com/" + tenantName + "/v2.0/.well-known/openid-configuration",
    clientID: clientID,
    responseType: app_properties.responseType,
    responseMode: app_properties.responseMode,
    redirectUrl: app_properties.redirectUrl,
    allowHttpForRedirectUrl: app_properties.allowHttpForRedirectUrl,
    clientSecret: clientSecret,
    validateIssuer: app_properties.validateIssuer,
    isB2C: app_properties.isB2C,
    issuer: app_properties.issuer,
    passReqToCallback: app_properties.passReqToCallback,
    scope: app_properties.scope,
    loggingLevel: app_properties.loggingLevel,
    nonceLifetime: app_properties.nonceLifetime,
    nonceMaxAmount: app_properties.nonceMaxAmount,
    useCookieInsteadOfSession: app_properties.useCookieInsteadOfSession,
    cookieEncryptionKeys: app_properties.cookieEncryptionKeys,
    clockSkew: app_properties.clockSkew
  },
    function ( iss: any, sub: any, profile: any, accessToken: any, refreshToken: any, done: any ) {

      if ( iss ) {
        console.log( 'iss' + JSON.stringify( iss ) );
      }

      if ( sub ) {
        console.log( 'sub' + JSON.stringify( sub ) );
      }

      if ( accessToken ) {
        console.log( 'Received accessToken ' + accessToken );
      }

      if ( refreshToken ) {
        console.log( 'Received refreshToken ' + refreshToken );
      }
      if ( !profile.oid ) {
        console.log( 'Received accessToken ' + accessToken );
        return done( new Error( "No oid found" ), null );
      }

      if ( profile ) {
        console.log( 'profile' + JSON.stringify( profile ) );
      }

      return done(null, profile);
    } ) );

此外,自定义状态参数不保留状态字符串,根据文档

customState: if you want to use a custom state value instead of a randomly generated one

为什么done不工作?另外,我怎样才能保持状态?

下面是我的应用服务器中的重定向 URL 调用端点函数

export function authAzureAd( req: Request, res: Response, next: any ) {
passport.authenticate( 'azuread-openidconnect' , function ( err: any, user: any, info: any ) {
              if ( err ) {
                return next( err );
              }
              if ( !user ) {
                return res.send( { success: false, message: 'authentication failed' } );
              }
              console.info( 'user: ' + JSON.stringify( user ) );
              return res.send( { success: true, message: 'authentication succeeded' } );
            } )( req, res, next );
} catch ( err ) {
    console.info( err );
    res.status( 500 ).send( { message: err.message } );
  }
}

Auth Callback POST API 端点函数调用如下:

export function authCallback(req: Request, res: Response, next: any) {
  console.info('In the AzureAD callback, next = '+next);
  if (next == null) { // If we want something else to happen here, we can do it
    next = () => {};
  }
  try {
    passport.authenticate('azuread-openidconnect', { failureRedirect: '/login', customState: 'my_state', successRedirect: '/dashboard' })(req, res, next)
  } catch (err) {
    console.info(err);
    res.status(500).send({ message: err.message });
  }
}

更新

1] 关于TypeError: done is not a function我将 package.json 更新为具有依赖关系,"passport-azure-ad": "4.0.0"而不是按照文档中的示例验证回调中定义的"passport-azure-ad": "^3.0.12"那样done开始使用。process.nextTick()

2]关于我在not in 中customState得到状态参数。看到这个问题。azure-ad 的身份验证回调的原因恰好是 HTTP POST 而不是 HTTP GET,就像在其他 OAuth 流中一样。因此,国家是身体的一部分。req.body.statereq.query.state

4

1 回答 1

1

更新

1] 关于TypeError: done is not a function我将 package.json 更新为具有依赖关系,"passport-azure-ad": "4.0.0"而不是按照文档中的示例验证回调中定义的"passport-azure-ad": "^3.0.12"那样done开始使用。process.nextTick()

2]关于我在not in 中customState得到状态参数。看到这个问题。azure-ad 的身份验证回调的原因恰好是 HTTP POST 而不是 HTTP GET,就像在其他 OAuth 流中一样。因此,国家是身体的一部分。req.body.statereq.query.state

于 2019-09-16T12:03:45.563 回答