My example is based on this: https://github.com/oauthjs/express-oauth-server/blob/master/examples/postgresql/index.js

However, when I try to access the /public route, I get a 401. The URL I am accessing is http://localhost:8080/public?client_id=1234&redirect_uri=http%3A%2F%2Flocalhost:4000&response_type=code&scope=email

This is my index.ts:

    var expressApp = require('express')
    import express from 'express'
    import OAuthServer from 'express-oauth-server'
    import {AuthorizationCode, Client, User} from 'oauth2-server'

    const app = expressApp()

    app.oauth = new OAuthServer({
      model: {
        getClient: async (clientId: string, clientSecret: string) => {
          console.log('Reached getClient')
          if (clientId !== '1234')
            return null
          if (clientSecret && clientSecret !== 'abcd')
            return null
          return {
            id: clientId,
            redirectUris: ["http://localhost:4000", "http://localhost:5000"],
            grants: ["authorization_code", "refresh_token"],
            accessTokenLifetime: 3600 * 24, // 1 day
            refreshTokenLifetime: 3600 * 24 * 30, // 30 days
          }
        },
        saveAuthorizationCode: async (code: AuthorizationCode, client: Client, user: User) => {
          console.log('Reached saveAuthorizationCode')
          return {
            authorizationCode: code.authorizationCode,
            expiresAt: code.expiresAt,
            redirectUri: code.redirectUri,
            scope: code.scope,
            client: client,
            user: user,
          }
        },
        getAccessToken: async (accessTokenKey: string) => {
          console.log('Reached getAccessToken')
          if (accessTokenKey.startsWith('XYZ'))
            return null
          const expiry_date = new Date()
          expiry_date.setHours(expiry_date.getHours() + 1)
          return {
            accessToken: accessTokenKey,
            accessTokenExpiresAt: expiry_date,
            scope: ["email", "profile", "openid"],
            client: {
              id: '1234',
              redirectUris: ["http://localhost:4000", "http://localhost:5000"],
              grants: ["authorization_code", "refresh_token"],
              accessTokenLifetime: 3600 * 24, // 1 day
              refreshTokenLifetime: 3600 * 24 * 30, // 30 days
            },
            user: {
              id: 234567,
              email: 'foo@bar.com',
            },
          }
        },
      } as any, // Just to avoid TS errors to test sample.
      //continueMiddleware: true,
    })

    app.use(express.json())
    app.use(express.urlencoded({extended: false}))
    app.use(app.oauth.authorize())

    const port = 8080
    app.listen(port, () => {
      console.log('Running server at port ' + port + '...')
    })

    // Endpoints
    app.get('/public', function(_req: any, res: any) {
      console.log('Reached /public')
      res.send('Public area')
    });

"Reached /public" is never printed. If I remove app.use(app.oauth.authorize()), it works.

What am I missing?