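I built a chatbot, and I want to authorize users with Azure AD B2C using OIDCStrategy. In the console, it always logs authentication failed due to: In collectInfoFromReq: policy is missing. The policy is already set up in Azure, and I can't find where to declare the policy in the code. Here is my server: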
    server.get('/login',
      passport.authenticate('azuread-openidconnect',
        {
          failureRedirect: '/fail'
        }),
      function (req, res, next) {
        console.log('Login was called');
        res.redirect('/', next);
      }
    );
    server.post('/api/auth', passport.authenticate('azuread-openidconnect'));
The connection to Azure AD B2C:
    passport.use(new OIDCStrategy({
      redirectUrl: 'http://localhost:3978/api/auth',
      allowHttpForRedirectUrl: true,
      clientID: '5fe844d7-e4d1-4c4c-ba70-078297b00abc',
      clientSecret: '?aTvTEbwcNfUF2,^',
      identityMetadata: 'https://login.microsoftonline.com/nuffieldbot.onmicrosoft.com/v2.0/.well-known/openid-configuration',
      skipUserProfile: true,
      responseType: 'code',
      responseMode: 'form_post',
      isB2C: true,
      scope: ['email', 'profile', 'offline_access', 'https://outlook.office.com/mail/read'],
      loggingLevel: 'info',
      tenantName: 'nuffieldbot.onmicrosoft.com',
      passReqToCallback: true
    }, function (req, iss, sub, profile, accessToken, refreshToken, done) {
      log.info('Example:Email address we received was:', profile.email);
      // Look the user up asynchronously; store the profile on first sign-in.
      process.nextTick(function () {
        findByEmail(profile.email, function (err, user) {
          if (err) {
            return done(err);
          }
          if (!user) {
            users.push(profile);
            return done(null, profile);
          }
          return done(null, user);
        });
      });
    }
    ));
Where can I declare this policy in my code?
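Answer 0: (score: 1)
For B2C, we must have a policy. If you do not set the policy name in the query string of the request, it will throw the error: In collectInfoFromReq: policy is missing. See the source code of oidcstrategy.js: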
    // for B2C, we must have policy
    if (self._options.isB2C && !params.policy)
      return next(new Error('In collectInfoFromReq: policy is missing'));
You have to set the policy in the request:

    <a href="/login/?p=B2C_1_sign">Sign In</a>

You can also refer to the code sample: Azure Active Directory OIDC Web Sample
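
Because the policy name arrives in the `p` query parameter of the login request, it is caller-controlled input. The following is an added example, not part of the original answer or of passport-azure-ad: a middleware that pins `p` to an allowlist and fills in a default before `passport.authenticate` runs. It assumes a parsed, writable `req.query` (restify's queryParser plugin or Express 4); `resolvePolicy`, `requirePolicy` and the policy name `B2C_1_reset` are hypothetical.

```javascript
// Hypothetical allowlist: replace with the policies defined in your B2C tenant.
const ALLOWED_POLICIES = ['B2C_1_sign', 'B2C_1_reset'];
const DEFAULT_POLICY = 'B2C_1_sign';

// Decide which policy a request may use. Returns { ok, policy } or { ok, reason }.
function resolvePolicy(query, allowed, fallback) {
  const raw = query ? query.p : undefined;
  if (raw === undefined || raw === '') {
    // No policy supplied: use the default instead of letting the strategy fail.
    return { ok: true, policy: fallback };
  }
  // Query parsers turn ?p=a&p=b into an array; accept a single string only.
  if (typeof raw !== 'string') {
    return { ok: false, reason: 'policy must be a single string value' };
  }
  // Compare case-insensitively, but hand on the canonical allowlisted spelling.
  const match = allowed.find((name) => name.toLowerCase() === raw.toLowerCase());
  if (!match) {
    return { ok: false, reason: 'policy is not in the allowlist' };
  }
  return { ok: true, policy: match };
}

// Middleware factory: place it before passport.authenticate on the login route.
function requirePolicy(allowed, fallback) {
  return function (req, res, next) {
    const result = resolvePolicy(req.query, allowed, fallback);
    if (!result.ok) {
      const err = new Error('Rejected login request: ' + result.reason);
      err.statusCode = 400;
      return next(err);
    }
    if (!req.query) req.query = {};
    req.query.p = result.policy;
    return next();
  };
}

// Usage on the route from the question:
// server.get('/login',
//   requirePolicy(ALLOWED_POLICIES, DEFAULT_POLICY),
//   passport.authenticate('azuread-openidconnect', { failureRedirect: '/fail' }),
//   function (req, res, next) { res.redirect('/', next); });
```

With this in place, a plain `/login` link uses the default policy, and a request naming a policy outside the allowlist is rejected before it reaches the strategy.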