0

我的示例基于此:https ://github.com/oauthjs/express-oauth-server/blob/master/examples/postgresql/index.js

但是,当我尝试访问该/public路线时,我得到一个 401。我正在访问的 URL 是http://localhost:8080/public?client_id=1234&redirect_uri=http%3A%2F%2Flocalhost:4000&response_type=code&scope=email

这是我的index.ts

var expressApp = require('express')
import express from 'express'
import OAuthServer from 'express-oauth-server'
import {AuthorizationCode, Client, User} from 'oauth2-server'


const app = expressApp()

app.oauth = new OAuthServer({
  model: {
    getClient: async (clientId: string, clientSecret: string) => {
      console.log('Reached getClient')
      
      if (clientId !== '1234')
        return null
      if (clientSecret && clientSecret !== 'abcd')
        return null

      return {
        id: clientId,
        redirectUris: ["http://localhost:4000", "http://localhost:5000"],
        grants: ["authorization_code", "refresh_token"],
        accessTokenLifetime: 3600 * 24, // 1 day
        refreshTokenLifetime: 3600 * 24 * 30, // 30 days
      }
    },
    saveAuthorizationCode: async (code: AuthorizationCode, client: Client, user: User) => {
      console.log('Reached saveAuthorizationCode')
      
      return {
        authorizationCode: code.authorizationCode,
        expiresAt: code.expiresAt,
        redirectUri: code.redirectUri,
        scope: code.scope,
        client: client,
        user: user,
      }
    },
    getAccessToken: async (accessTokenKey: string) => {
      console.log('Reached getAccessToken')
      
      if (accessTokenKey.startsWith('XYZ'))
        return null

      const expiry_date = new Date()
      expiry_date.setHours(expiry_date.getHours() + 1)

      return {
        accessToken: accessTokenKey,
        accessTokenExpiresAt: expiry_date,
        scope: ["email", "profile", "openid"],
        client: {
          id: '1234',
          redirectUris: ["http://localhost:4000", "http://localhost:5000"],
          grants: ["authorization_code", "refresh_token"],
          accessTokenLifetime: 3600 * 24, // 1 day
          efreshTokenLifetime: 3600 * 24 * 30, // 30 days
        },
        user: {
          id: 234567,
          email: 'foo@bar.com',
        },
      }
    },
  } as any, // Just to avoid TS errors to test sample.
  //continueMiddleware: true,
})

app.use(express.json())
app.use(express.urlencoded({extended: false}))
app.use(app.oauth.authorize())

const port = 8080
app.listen(port, () => {
  console.log('Running server at port ' + port + '...')
})

// Endpoints
app.get('/public', function(_req: any, res: any) {
  console.log('Reached /public')
  res.send('Public area')
});

“到达/公开”永远不会被打印出来。如果我删除app.use(app.oauth.authorize()),它的工作原理。

我错过了什么?

4

1 回答 1

0

这很大程度上是由于 Express 中的中间件排序方式。在公共路由之前的行 app.use(app.oauth.authorize()) 确保对该路由的请求首先通过授权中间件。

于 2021-06-26T02:37:36.327 回答