0

我正在使用 passport-azure-ad-oauth2 进行 SSO 身份验证。

我正在尝试配置令牌刷新功能,但在将令牌添加到对客户端的响应中时遇到了困难。如果我只发送 accessToken 或 refreshToken,它就可以工作。

如果我同时添加两者,当我检查请求是否经过身份验证时,我不会在请求中获取用户对象。

这是代码:passport-setup.js

// serialize the user.id to save in the cookie session
passport.serializeUser((profile, done) => {
  done(null, profile)
})
// deserialize the cookieUserId to user in the database
passport.deserializeUser((profile, done) => {
  done(null, profile)
})


const strategy = new AzureOAuth2Strategy({
  clientID: config.azureApp.clientID,
  clientSecret: config.azureApp.clientSecret,
  callbackURL: config.azureApp.callbackUri,
  resource: config.azureApp.resource,
  tenant: config.azureApp.tenant
},
  (accessToken, refreshToken, params, profile, done) =>
    azureStrategy(
      accessToken,
      refreshToken,
      params,
      profile,
      done
    )
);

passport.use(strategy)
refresh.use(strategy)

const azureStrategy = require('./passport-azure')

module.exports = strategy

护照-azure.js

module.exports = async function  (
  accessToken,
  refreshToken,
  params,
  profile,
  done
) {
  try {  
  var user = {
    accesToken: accessToken,
    refresToken: refresToken,
  }

  return done(null, user) //user is not being passed to request with both tokens
}
catch (error) {
  console.log('error on login');
  console.log(error)

  return done(null, null)
}
}

路由.js

 //secured api routes with no redirect
  function authorizeApi(req, res, next) {
    console.log(req)
    if (req.isAuthenticated()) {
        return next();
    } 
      else return     res.status(401).json({
       message : "User Not Authenticated",
       user : null,
       success: false,
     });
     console.log('user not auth request')
    
}


// when login is successful, retrieve user info
router.post("/login/success",authorizeApi, (req, res) => {
    res.json({
      success: true,
      message: "user has successfully been authenticated",
      user: req.user,
      cookies: req.cookies
    }); 
});

index.js

// define session
app.use(
  cookieSession({
    name: "session",
    keys: [keys.COOKIE_KEY],
    maxAge: 24 * 60 * 60 * 1000
  })
)

// parse cookies
app.use(cookieParser());

// initalize passport
app.use(passport.initialize());

// deserialize cookie from the browser
app.use(passport.session());

// set up cors to allow us to accept requests from our client
app.use(
  cors({
    origin: "http://localhost:3000", // allow to server to accept request from different origin
    methods: "GET,HEAD,PUT,PATCH,POST,DELETE",
    credentials: true, // allow session cookie from browser to pass through
  })
);

更新:我想我有一个有效载荷大小问题。我试图发送两个 accessTokens 并且仍然是同样的问题。我不知道是什么导致了这个问题。

UPDATE2:我尝试在对客户端的响应中添加两个令牌(其中一个来自回调,另一个在响应中硬编码),它可以工作。所以我想这是一个 node.JS 中间件问题。

4

0 回答 0