0

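I have implemented node oidc Provider in my project and I am also getting an access_token, but the access token comes in a different format. How can I change it to the JWT token format? I added a setting to change the access_token format to jwt, but it does not work properly. How can I fix this, and how do I need to set up the adapter configuration?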


config.ts

const oidc = new Provider('http://localhost:3000', {
  adapter:SequelizeAdapter,
  clients: [
    {
      client_id: 'oidcCLIENT',
      client_secret: '...',
      grant_types: ['refresh_token', 'authorization_code'],
      redirect_uris: ['http://sso-client.dev/providers/7/open_id', 'http://sso-client.dev/providers/8/open_id'],
    }
  ],
  interactions: {
    url(ctx, interaction) { // eslint-disable-line no-unused-vars
      return `/interaction/${interaction.uid}`;
    },
  },
  cookies: {
    keys: ['some secret key', 'and also the old rotated away some time ago', 'and one more'],
  },
  claims: {
    address: ['address'],
    email: ['email', 'email_verified'],
    phone: ['phone_number', 'phone_number_verified'],
    profile: ['birthdate', 'family_name', 'gender', 'given_name', 'locale', 'middle_name', 'name',
      'nickname', 'picture', 'preferred_username', 'profile', 'updated_at', 'website', 'zoneinfo'],
  },
  format:{
    AccessToken:'jwt'
  },
  features: {
    devInteractions: { enabled: true }, // defaults to true
    mTLS: {
      enabled: true,
      certificateBoundAccessTokens: true,
      selfSignedTlsClientAuth: true,
      getCertificate(ctx) {
        return unescape(ctx.get('x-ssl-client-cert').replace(/\+/g, ' '));
      },
      certificateAuthorized(ctx) {
        return ctx.get('x-ssl-client-verify') === 'SUCCESS';
      },
      certificateSubjectMatches(ctx, property, expected) {
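        if (property !== 'tls_client_auth_subject_dn') {
          // Only subject DN matching is implemented; fail closed for any other property.
          throw new Error(`${property} certificate subject matching not implemented`);
        }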
        return ctx.get('x-ssl-client-s-dn') === expected;
      },
    },
    claimsParameter: { enabled: true },
    deviceFlow: { enabled: true },
    dPoP: { enabled: true },
    encryption: { enabled: true },
    jwtUserinfo: { enabled: true },
    introspection: { enabled: true },
    registration: { enabled: true },
    registrationManagement: { enabled: true, rotateRegistrationAccessToken: true },
    jwtResponseModes: { enabled: true },
    pushedAuthorizationRequests: { enabled: true },
    requestObjects: {
      request: true,
      requestUri: true,
      mode: 'strict',
    },
    // deviceFlow: { enabled: true }, // defaults to false
    revocation: { enabled: true }, // defaults to false
    userinfo: { enabled: true },
  },
  findAccount: Account.findAccount,
  issueRefreshToken: async (ctx, client, code) => {
      return client.grantTypeAllowed('refresh_token') && (code.scopes.has('offline_access') || code.scopes.has('openid') || code.scopes.has('token'));
  },

  jwks: {
    keys: [
      {
        d: 'VEZOsY07JTFzGTqv6cC2Y32vsfChind2I_TTuvV225_-0zrSej3XLRg8iE_u0-3GSgiGi4WImmTwmEgLo4Qp3uEcxCYbt4NMJC7fwT2i3dfRZjtZ4yJwFl0SIj8TgfQ8ptwZbFZUlcHGXZIr4nL8GXyQT0CK8wy4COfmymHrrUoyfZA154ql_OsoiupSUCRcKVvZj2JHL2KILsq_sh_l7g2dqAN8D7jYfJ58MkqlknBMa2-zi5I0-1JUOwztVNml_zGrp27UbEU60RqV3GHjoqwI6m01U7K0a8Q_SQAKYGqgepbAYOA-P4_TLl5KC4-WWBZu_rVfwgSENwWNEhw8oQ',
        dp: 'E1Y-SN4bQqX7kP-bNgZ_gEv-pixJ5F_EGocHKfS56jtzRqQdTurrk4jIVpI-ZITA88lWAHxjD-OaoJUh9Jupd_lwD5Si80PyVxOMI2xaGQiF0lbKJfD38Sh8frRpgelZVaK_gm834B6SLfxKdNsP04DsJqGKktODF_fZeaGFPH0',
        dq: 'F90JPxevQYOlAgEH0TUt1-3_hyxY6cfPRU2HQBaahyWrtCWpaOzenKZnvGFZdg-BuLVKjCchq3G_70OLE-XDP_ol0UTJmDTT-WyuJQdEMpt_WFF9yJGoeIu8yohfeLatU-67ukjghJ0s9CBzNE_LrGEV6Cup3FXywpSYZAV3iqc',
        e: 'AQAB',
        kty: 'RSA',
        n: 'xwQ72P9z9OYshiQ-ntDYaPnnfwG6u9JAdLMZ5o0dmjlcyrvwQRdoFIKPnO65Q8mh6F_LDSxjxa2Yzo_wdjhbPZLjfUJXgCzm54cClXzT5twzo7lzoAfaJlkTsoZc2HFWqmcri0BuzmTFLZx2Q7wYBm0pXHmQKF0V-C1O6NWfd4mfBhbM-I1tHYSpAMgarSm22WDMDx-WWI7TEzy2QhaBVaENW9BKaKkJklocAZCxk18WhR0fckIGiWiSM5FcU1PY2jfGsTmX505Ub7P5Dz75Ygqrutd5tFrcqyPAtPTFDk8X1InxkkUwpP3nFU5o50DGhwQolGYKPGtQ-ZtmbOfcWQ',
        p: '5wC6nY6Ev5FqcLPCqn9fC6R9KUuBej6NaAVOKW7GXiOJAq2WrileGKfMc9kIny20zW3uWkRLm-O-3Yzze1zFpxmqvsvCxZ5ERVZ6leiNXSu3tez71ZZwp0O9gys4knjrI-9w46l_vFuRtjL6XEeFfHEZFaNJpz-lcnb3w0okrbM',
        q: '3I1qeEDslZFB8iNfpKAdWtz_Wzm6-jayT_V6aIvhvMj5mnU-Xpj75zLPQSGa9wunMlOoZW9w1wDO1FVuDhwzeOJaTm-Ds0MezeC4U6nVGyyDHb4CUA3ml2tzt4yLrqGYMT7XbADSvuWYADHw79OFjEi4T3s3tJymhaBvy1ulv8M',
        qi: 'wSbXte9PcPtr788e713KHQ4waE26CzoXx-JNOgN0iqJMN6C4_XJEX-cSvCZDf4rh7xpXN6SGLVd5ibIyDJi7bbi5EQ5AXjazPbLBjRthcGXsIuZ3AtQyR0CEWNSdM7EyM5TRdyZQ9kftfz9nI03guW3iKKASETqX2vh0Z8XRjyU',
        use: 'sig',
      }, {
        crv: 'P-256',
        d: 'K9xfPv773dZR22TVUB80xouzdF7qCg5cWjPjkHyv7Ws',
        kty: 'EC',
        use: 'sig',
        x: 'FWZ9rSkLt6Dx9E3pxLybhdM6xgR5obGsj5_pqmnz5J4',
        y: '_n8G69C-A2Xl4xUW2lF0i8ZGZnk_KPYrhv4GbTGu5G4',
      },
    ],
  },
  ttl: {
    AccessToken: 24*60*60,//3600,
    AuthorizationCode: 24*60*60,//600,
    ClientCredentials: 24*60*60,//600,
    DeviceCode: 24*60*60,//600,
    IdToken: 24*60*60,//3600,
    RefreshToken: 24*60*60,//1209600,
  },
});

2 Answers

1

This happens because of the node oidc provider version. For v7, you need to provide resourceIndicators instead of formats: { AccessToken: 'jwt' } (which worked perfectly in v6).

Follow this link for more information; Panva (Filip Skokan, the author of the library) has provided the details.

Discussion about getting a JWT token: https://github.com/panva/node-oidc-provider/discussions/959

Resource indicators: https://github.com/panva/node-oidc-provider/blob/main/docs/README.md#featuresresourceindicators

answered 2021-06-06T17:33:57.280
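
A sketch of the v7 `features.resourceIndicators` setup the answer above refers to, added here as an example; it is not code from the original answer or from the library. The resource identifier, scope, audience and TTL are constructed values, and a plain `Error` stands in for the provider's own invalid_target error.

```javascript
// Added example: identifiers, scopes and audiences below are constructed.
// Allowlist of resource servers that should receive JWT access tokens.
const RESOURCE_SERVERS = new Map([
  ['https://api.example.com', {
    scope: 'api:read api:write',
    audience: 'https://api.example.com',
    accessTokenTTL: 60 * 60,           // seconds
    accessTokenFormat: 'jwt',          // takes over from the v6 formats setting
    jwt: { sign: { alg: 'RS256' } },   // needs a matching signing key in `jwks`
  }],
]);
const DEFAULT_RESOURCE = 'https://api.example.com';

// Called when the request carries no usable `resource` parameter.
function defaultResource(ctx, client, oneOf) {
  if (Array.isArray(oneOf) && oneOf.length > 0) {
    return oneOf.includes(DEFAULT_RESOURCE) ? DEFAULT_RESOURCE : oneOf[0];
  }
  return DEFAULT_RESOURCE;
}

// Resolves the token policy per resource; unknown indicators are rejected
// so a client cannot obtain a token for an audience that was never configured.
function getResourceServerInfo(ctx, resourceIndicator, client) {
  const info = RESOURCE_SERVERS.get(resourceIndicator);
  if (!info) {
    // Plain Error as a stand-in for the provider's invalid_target error.
    throw new Error(`unknown resource indicator: ${resourceIndicator}`);
  }
  return { ...info, jwt: { sign: { ...info.jwt.sign } } };
}

// Lets the token endpoint use a resource that was already granted
// even when the client does not repeat the `resource` parameter.
function useGrantedResource(ctx, model) {
  return true;
}

const configuration = {
  features: {
    resourceIndicators: {
      enabled: true, defaultResource, getResourceServerInfo, useGrantedResource,
    },
  },
};
// Merge `configuration.features.resourceIndicators` into the `features`
// object passed to `new Provider(...)`.
```
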
-2

The author's updated reply about the format customizer should be more elegant.

See: https://github.com/panva/node-oidc-provider/discussions/959

answered 2021-11-30T05:41:17.123