我正在使用https://github.com/AzureAD/passport-azure-ad插件来使用 Azure AD Graph API。
我的 package.json 中的依赖关系
"passport-azure-ad": "^3.0.12"
我参考了此处提供的示例:https ://github.com/AzureADQuickStarts/WebApp-OpenIDConnect-NodeJS
我能够做到auth
& 得到access_token
& refresh_token
。但是最后一个参数给出了一个错误,因为
TypeError: done is not a function
我的代码是使用 Typescript 我的策略代码编写的:
passport.use( new OIDCStrategy( {
identityMetadata: "https://login.microsoftonline.com/" + tenantName + "/v2.0/.well-known/openid-configuration",
clientID: clientID,
responseType: app_properties.responseType,
responseMode: app_properties.responseMode,
redirectUrl: app_properties.redirectUrl,
allowHttpForRedirectUrl: app_properties.allowHttpForRedirectUrl,
clientSecret: clientSecret,
validateIssuer: app_properties.validateIssuer,
isB2C: app_properties.isB2C,
issuer: app_properties.issuer,
passReqToCallback: app_properties.passReqToCallback,
scope: app_properties.scope,
loggingLevel: app_properties.loggingLevel,
nonceLifetime: app_properties.nonceLifetime,
nonceMaxAmount: app_properties.nonceMaxAmount,
useCookieInsteadOfSession: app_properties.useCookieInsteadOfSession,
cookieEncryptionKeys: app_properties.cookieEncryptionKeys,
clockSkew: app_properties.clockSkew
},
function ( iss: any, sub: any, profile: any, accessToken: any, refreshToken: any, done: any ) {
if ( iss ) {
console.log( 'iss' + JSON.stringify( iss ) );
}
if ( sub ) {
console.log( 'sub' + JSON.stringify( sub ) );
}
if ( accessToken ) {
console.log( 'Received accessToken ' + accessToken );
}
if ( refreshToken ) {
console.log( 'Received refreshToken ' + refreshToken );
}
if ( !profile.oid ) {
console.log( 'Received accessToken ' + accessToken );
return done( new Error( "No oid found" ), null );
}
if ( profile ) {
console.log( 'profile' + JSON.stringify( profile ) );
}
return done(null, profile);
} ) );
此外,自定义状态参数不保留状态字符串,根据文档
customState: if you want to use a custom state value instead of a randomly generated one
为什么done
不工作?另外,我怎样才能保持状态?
下面是我的应用服务器中的重定向 URL 调用端点函数
export function authAzureAd( req: Request, res: Response, next: any ) {
passport.authenticate( 'azuread-openidconnect' , function ( err: any, user: any, info: any ) {
if ( err ) {
return next( err );
}
if ( !user ) {
return res.send( { success: false, message: 'authentication failed' } );
}
console.info( 'user: ' + JSON.stringify( user ) );
return res.send( { success: true, message: 'authentication succeeded' } );
} )( req, res, next );
} catch ( err ) {
console.info( err );
res.status( 500 ).send( { message: err.message } );
}
}
Auth Callback POST API 端点函数调用如下:
export function authCallback(req: Request, res: Response, next: any) {
console.info('In the AzureAD callback, next = '+next);
if (next == null) { // If we want something else to happen here, we can do it
next = () => {};
}
try {
passport.authenticate('azuread-openidconnect', { failureRedirect: '/login', customState: 'my_state', successRedirect: '/dashboard' })(req, res, next)
} catch (err) {
console.info(err);
res.status(500).send({ message: err.message });
}
}
更新
1] 关于TypeError: done is not a function
我将 package.json 更新为具有依赖关系,"passport-azure-ad": "4.0.0"
而不是按照文档中的示例验证回调中定义的"passport-azure-ad": "^3.0.12"
那样done
开始使用。process.nextTick()
2]关于我在not in 中customState
得到状态参数。看到这个问题。azure-ad 的身份验证回调的原因恰好是 HTTP POST 而不是 HTTP GET,就像在其他 OAuth 流中一样。因此,国家是身体的一部分。req.body.state
req.query.state