我正在尝试通过 Azure AD Passport.js OIDCStrategy 进行登录。到目前为止,我使用接下来的两页(除了谷歌和在 stackoverflow 上查看问题)作为资源最多:
- https://github.com/AzureAD/passport-azure-ad
- https://github.com/AzureADQuickStarts/AppModelv2-WebApp-OpenIDConnect-nodejs
我有以下问题,因为我还想扩展关于 passport.js 和 Azure AD 策略的知识:
- 当我转到 /auth/AzureAD 时,我被重定向到https://login.microsoftonline.com/登录表单。但是,当我输入有效的登录凭据时,我会被重定向到 redirectUrl。我究竟做错了什么?
- /auth/AzureAD/callback 还应该有一个 router.post 吗?如果有,为什么?
- 对于其他 passport.js 策略(谷歌和本地),我们需要将一些详细信息存储到我们的 MongoDB 中。不应该对 Azure AD 策略也这样做吗?如果是,哪些细节?
- 什么时候使用 BearerStrategy 而不是 OIDCStrategy?
我很确定我已经以正确的方式配置了 identityMetadata 和 ClientID。我不会分享这些信息,因为我不确定我这样做是否正确。
如果你能帮助我朝着正确的方向前进,已经非常感谢了!!!
护照.js
const passport = require('passport');
const OIDCStrategy = require('passport-azure-ad').OIDCStrategy
const mongoose = require('mongoose');
const User = require('../Models/User');
passport.use(
new OIDCStrategy(
{
identityMetadata: 'https://login.microsoftonline.com/XXX.onmicrosoft.com/v2.0/.well-known/openid-configuration',
clientID: 'XXX',
responseType: 'code id_token',
responseMode: 'form_post',
redirectUrl: 'http://localhost:3000/auth/AzureAD/callback',
allowHttpForRedirectUrl: true,
clientSecret: 'XXX',
validateIssuer: false,
isB2C: false,
issuer: null,
passReqToCallback: false,
scope: ['profile', 'offline_access'],
loggingLevel: 'info',
nonceLifetime: null,
nonceMaxAmount: 6,
clockSkew: 300,
},
function(iss, sub, profile, accessToken, refreshToken, done) {
if (!profile.oid) {
return done(new Error("No oid found"), null);
}
// asynchronous verification, for effect...
process.nextTick(function () {
findByOid(profile.oid, function(err, user) {
if (err) {
return done(err);
}
if (!user) {
// "Auto-registration"
users.push(profile);
return done(null, profile);
}
return done(null, user);
});
});
}
));
应用程序.js
//Passport middleware - Express Session
session({
secret: process.env.SESSION_SECRET,
resave: false,
saveUninitialized: false,
store: new MongoStore({ mongooseConnection: mongoose.connection, collection: 'sessions' }),
})
app.use(passport.initialize());
app.use(passport.session());
auth.js
const express = require('express')
const passport = require('passport')
const router = express.Router()
// @desc Auth with Google
// @route GET /auth/AzureAD
router.get('/AzureAD', passport.authenticate("azuread-openidconnect", { scope: ['profile'] }))
// @desc AzureAD auth callback
// @route GET /auth/AzureAD/callback
router.get(
'/AzureAD/callback',
passport.authenticate("azuread-openidconnect", { failureRedirect: '/login' }),
(req, res) => {
res.redirect('/')
}
)
登录.ejs
<div class="section">
<a href="/auth/AzureAD" class="btn red darken-1">
<i class="fab fa-microsoft"></i> Log In With Azure
</a>
</div>