1

我已经配置了OIDCStrategy护照和应用程序重定向到帐户登录,然后我得到一个访问令牌。在我尝试使用如下方式保护路由后,它总是重定向到身份验证页面。

app.get('/test', (req, res, next) => {
    if (req.isAuthenticated()) { return next(); }
    res.redirect('/auth');
}, (request, response, next) => {
    response.status(200)
        .json({
            message: 'SUCCESS',
        });
})

我也试过这个方法

    app.get('/test', passport.authenticate('azuread-openidconnect', { session: true, failureRedirect: '/auth' }), (request, response, next) => {
        response.status(200)
            .json({
                message: 'SUCCESS',
            });
    });

护照配置

const passport = require('passport');
const { OIDCStrategy, BearerStrategy } = require('passport-azure-ad');
const passportModule = express.Router();

passport.serializeUser(function (user, done) {
    done(null, user.oid);
});

passport.deserializeUser(function (oid, done) {
    findByOid(oid, function (err, user) {
        done(err, user);
    });
});

const users = [];

const findByOid = function (oid, fn) {
    for (var i = 0, len = users.length; i < len; i++) {
        var user = users[i];
        console.info('we are using user: ', user);
        if (user.oid === oid) {
            return fn(null, user);
        }
    }
    return fn(null, null);
};
const azureOpenIDStrategy = new OIDCStrategy({
    identityMetadata: "https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration",
    clientID: "cec04b71-137b-4a99-80c6-e0fc88a2e7c5",
    responseType: "code",
    responseMode: 'form_post',
    redirectUrl: redirectUrl,
    allowHttpForRedirectUrl: false,
    clientSecret: "",
    isB2C: false,
    validateIssuer: false,
    issuer: null,
    passReqToCallback: false,
    useCookieInsteadOfSession: true,
    cookieEncryptionKeys: [
        { 'key': '12345678901234567890123456789012', 'iv': '123456789012' },
        { 'key': 'abcdefghijklmnopqrstuvwxyzabcdef', 'iv': 'abcdefghijkl' }
    ],
    scope: ['profile', 'OnlineMeetings.ReadWrite', 'Calendars.ReadWrite', 'People.Read.All'],
    loggingLevel: 'info',
    nonceLifetime: null,
    nonceMaxAmount: 5,
    clockSkew: null
}, function (iss, sub, profile, jwtClaims, accessToken, refreshToken, params, done) {
    if (!profile.oid) {
        return done(new Error("No oid found"), null);
    }
    console.log(`iss: ${iss}`);
    console.log(`sub: ${sub}`);
    console.log(`profile: ${JSON.stringify(profile)}`);
    console.log(`accessToken: ${accessToken}`);
    console.log(`jwtClaims: ${JSON.stringify(jwtClaims)}`);
    console.log(`refreshToken: ${refreshToken}`);
    console.log(`params: ${params}`);
    process.nextTick(function () {
        findByOid(profile.oid, function (err, user) {
            if (err) {
                return done(err);
            }
            if (!user) {
                // "Auto-registration"
                users.push(profile);
                return done(null, profile);
            }
            return done(null, user);
        });
    })
});

passportModule.use(passport.initialize());
passportModule.use(passport.session());
passport.use(azureOpenIDStrategy);

如何使用 azure open-id 连接策略正确保护路由?

4

1 回答 1

0

将检索到的令牌附加到您的请求中(在 Authorization 标头中,格式如下:)"Bearer {access token}"使用 passport.authenticate 保护路由

于 2020-06-05T19:34:37.250 回答