当在多个Node.js实例上部署时,passport.js是否需要会话亲和性?当我使用会话亲和性时,身份验证可以与多个实例(在负载均衡器后面)正常工作。我使用redis作为会话存储。但是,当不使用会话亲缘关系时,passport.js失败并出现下面给出的错误。使用单个实例它始终有效。有没有办法让passport.js在没有会话亲和力的情况下工作。
500 Failed to verify assertion (message: Invalid association handle)
at Strategy.authenticate.identifier (node_modules/passport-google/node_modules/passport-openid/lib/passport-openid/strategy.js:184:36)
at _verifyAssertionData (node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1053:12)
at _verifyAssertionAgainstProvider (node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1178:14)
at _checkSignatureUsingAssociation (node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1229:14)
at Object.openid.loadAssociation (node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:111:5)
at _checkSignatureUsingAssociation (node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1221:10)
at _checkSignature (node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1211:5)
at _verifyAssertionAgainstProvider (node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1174:3)
at _verifyDiscoveredInformation node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1145:16)
at openid.discover (node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:668:7)
使用护照的代码段:
app.set('port', process.env.PORT || 8080);
app.set('views', __dirname + '/views');
app.set('view engine', 'ejs');
app.use(express.favicon());
app.use(express.logger('dev'));
app.use(express.query());
app.use(express.bodyParser());
app.use(express.methodOverride());
app.use(express.cookieParser());
app.use(express.session({ key: 'JSESSIONID', secret: '****', cookie : {httpOnly:false,
maxAge: 5*60*1000, path: '/'},
store: new RedisStore({ prefix: 'sid:', client: redisClient })
}));
app.use(passport.initialize());
app.use(passport.session());
app.use(app.router);
app.use(express.static(path.join(__dirname, 'public')));
app.get('/auth/google', passport.authenticate('google'));
app.get('/auth/google/return',
passport.authenticate('google', { successRedirect: '/success',
failureRedirect: '/login' }));
我还有serializeUser和deserializeUser,它使用redis存储来存储/检索用户对象 - 但是当身份提供程序重定向回回调URI时会发生此错误。我正在AppFog中部署我的应用程序并使用JSESSIONID cookie密钥设置会话亲缘关系(这就是cloudfoundry负载平衡器的工作方式)。如果我使用任何其他密钥(这意味着会话亲和关闭),那么passport.js会抛出错误。
答案 0 :(得分:7)
我想我已修好了。有一个选项:'无状态'可以传递给GoogleStrategy。我通过查看来源找出了它:https://github.com/jaredhanson/passport-openid/blob/master/lib/passport-openid/strategy.js。因此,GoogleStrategy实例化必须是:
new GoogleStrategy({
returnURL: BASE + '/auth/google/return',
realm: BASE + "/",
stateless: true
}
感谢Jared Hanson实施这样的选择! (希望它会在主站点上记录下来。)