我正在使用 passport-azure-ad-oauth2 进行 SSO 身份验证。
我正在尝试配置令牌刷新功能,但在将令牌添加到对客户端的响应中时遇到了困难。如果我只发送 accessToken 或 refreshToken,它就可以工作。
如果我同时添加两者,当我检查请求是否经过身份验证时,我不会在请求中获取用户对象。
这是代码:passport-setup.js
// serialize the user.id to save in the cookie session
passport.serializeUser((profile, done) => {
done(null, profile)
})
// deserialize the cookieUserId to user in the database
passport.deserializeUser((profile, done) => {
done(null, profile)
})
const strategy = new AzureOAuth2Strategy({
clientID: config.azureApp.clientID,
clientSecret: config.azureApp.clientSecret,
callbackURL: config.azureApp.callbackUri,
resource: config.azureApp.resource,
tenant: config.azureApp.tenant
},
(accessToken, refreshToken, params, profile, done) =>
azureStrategy(
accessToken,
refreshToken,
params,
profile,
done
)
);
passport.use(strategy)
refresh.use(strategy)
const azureStrategy = require('./passport-azure')
module.exports = strategy
护照-azure.js
module.exports = async function (
accessToken,
refreshToken,
params,
profile,
done
) {
try {
var user = {
accesToken: accessToken,
refresToken: refresToken,
}
return done(null, user) //user is not being passed to request with both tokens
}
catch (error) {
console.log('error on login');
console.log(error)
return done(null, null)
}
}
路由.js
//secured api routes with no redirect
function authorizeApi(req, res, next) {
console.log(req)
if (req.isAuthenticated()) {
return next();
}
else return res.status(401).json({
message : "User Not Authenticated",
user : null,
success: false,
});
console.log('user not auth request')
}
// when login is successful, retrieve user info
router.post("/login/success",authorizeApi, (req, res) => {
res.json({
success: true,
message: "user has successfully been authenticated",
user: req.user,
cookies: req.cookies
});
});
index.js
// define session
app.use(
cookieSession({
name: "session",
keys: [keys.COOKIE_KEY],
maxAge: 24 * 60 * 60 * 1000
})
)
// parse cookies
app.use(cookieParser());
// initalize passport
app.use(passport.initialize());
// deserialize cookie from the browser
app.use(passport.session());
// set up cors to allow us to accept requests from our client
app.use(
cors({
origin: "http://localhost:3000", // allow to server to accept request from different origin
methods: "GET,HEAD,PUT,PATCH,POST,DELETE",
credentials: true, // allow session cookie from browser to pass through
})
);
更新:我想我有一个有效载荷大小问题。我试图发送两个 accessTokens 并且仍然是同样的问题。我不知道是什么导致了这个问题。
UPDATE2:我尝试在对客户端的响应中添加两个令牌(其中一个来自回调,另一个在响应中硬编码),它可以工作。所以我想这是一个 node.JS 中间件问题。