0

我正在使用node-oidc-provider( v6.29.3) 库来构建一个简单的 OIDC Connect 模拟服务,并且在尝试针对特定的mountPath. 如果安装在上面,这一切都很好,/但尝试安装在上面/oidc不起作用,因为node-oidc-provider忽略mountPath.

我的设置大致是这样的:

const path = require('path')
const express = require('express')
const { Provider } = require('oidc-provider')

const configuration = require('src/utils/oidc')
const Account = require('src/account')

configuration.findAccount = Account.findAccount
const app = express()

app.set('views', path.join(__dirname, '..', 'views'))
app.set('view engine', 'ejs')

const mountPath = '/oidc'
const issuer = 'http://localhost:3000' + mountPath

const provider = new Provider(issuer, configuration)
app.use(mountPath, provider.callback)

app.listen(3000).then(() => {
  console.log('started')
})

我能够连接http://localhost:3000/oidc/.well-known/openid-configuration并接收

{
  "authorization_endpoint":"http://localhost:3000/oidc/auth",
  "device_authorization_endpoint":"http://localhost:3000/oidc/device/auth",
  "claims_parameter_supported":false,
  "claims_supported":[
    "sub",
    "email",
    "givenName",
    "surname",
    "memberOf",
    "publishers",
    "sid",
    "auth_time",
    "iss"
  ],
  "code_challenge_methods_supported":["S256"],
  "end_session_endpoint":"http://localhost:3000/oidc/session/end",
  "grant_types_supported":[
    "implicit","authorization_code",
    "refresh_token",
    "urn:ietf:params:oauth:grant-type:device_code"
  ],
  "id_token_signing_alg_values_supported":["HS256", "PS256", "RS256", "ES256"],
  "issuer":"http://localhost:3000/oidc",
  "jwks_uri":"http://localhost:3000/oidc/jwks",
  "response_modes_supported":["form_post","fragment","query"],
  "response_types_supported":["code id_token","code","id_token","none"],
  "scopes_supported":["openid","offline_access","email","profile"],
  "subject_types_supported":["public"],
  "token_endpoint_auth_methods_supported":[
    "none",
    "client_secret_basic",
    "client_secret_jwt",
    "client_secret_post",
    "private_key_jwt"
  ],
  "token_endpoint_auth_signing_alg_values_supported":["HS256", "RS256", "PS256", "ES256", "EdDSA"],
  "token_endpoint":"http://localhost:3000/oidc/token",
  "request_object_signing_alg_values_supported":["HS256", "RS256", "PS256", "ES256", "EdDSA"],
  "request_parameter_supported":false,
  "request_uri_parameter_supported":true,
  "require_request_uri_registration":true,
  "userinfo_endpoint":"http://localhost:3000/oidc/me",
  "userinfo_signing_alg_values_supported":["HS256","PS256","RS256","ES256"],
  "introspection_endpoint":"http://localhost:3000/oidc/token/introspection",
  "introspection_endpoint_auth_methods_supported":[
    "none",
    "client_secret_basic",
    "client_secret_jwt",
    "client_secret_post",
    "private_key_jwt"
  ],
  "introspection_endpoint_auth_signing_alg_values_supported":["HS256", "RS256", "PS256", "ES256", "EdDSA"],
  "revocation_endpoint":"http://localhost:3000/oidc/token/revocation",
  "revocation_endpoint_auth_methods_supported":[
    "none",
    "client_secret_basic",
    "client_secret_jwt",
    "client_secret_post",
    "private_key_jwt"
  ],
  "revocation_endpoint_auth_signing_alg_values_supported":["HS256", "RS256", "PS256", "ES256", "EdDSA"],
  "claim_types_supported":["normal"]
}

使用一个简单的测试我登录和我的日志显示(正确)

GET /oidc/auth

但随后,在内部,它重定向到:

GET /interaction/znBzRfhyoBTCg1cFcLult

我需要内部重定向才能转到

GET /oidc/interaction/znBzRfhyoBTCg1cFcLult

如何告诉 OIDC 提供者通过给定mountPath而不是重定向/

4

1 回答 1

1

您将必须配置interactions.url帮助程序。有关更多详细信息,请参阅文档

稍后您将不得不构建自己的最终用户交互,并且无论如何您都必须配置此帮助程序。

于 2020-09-30T16:52:18.683 回答