如何将OpenId Connect与ember-cli应用程序一起使用?

时间:2015-05-20 00:27:56

标签: ember-cli azure-active-directory openid-connect torii

现在我正在寻找使用Ember-cli作为我的前端,我需要使用OpenID Connect进行身份验证和授权。

以前有人做过这样的事吗?到目前为止我找不到任何例子。我遇到了“ember-cli-simple-auth”,“ember-cli-simple-auth-oauth2”,“ember-cli-simple-auth-token”。

我猜我应该使用'ember-cli-simple-token'?有没人试过这个?如果是这样你能指出我的任何例子/阅读资源吗?

更新:(7月15日15日) 我一直在研究'torii'特别是'ember-cli-torii-azure-provider'。我可以获得授权代码,但没有Id_Token(我猜它是因为它没有要求Azure AD用于Id_Token),看起来我需要考虑编写一个新的torii提供程序。根据Torii文档,

Torii将在Ember应用程序容器中查找提供程序,因此如果按常规命名它们(将它们放在app / torii-providers目录中),则在使用ember-cli或ember app kit时它们将自动可用。 / em>的

这是不是意味着,在我的ember-cli项目中,我需要创建'torii-providers'文件夹并创建新的提供程序?让我们说'torii-azure-openidconnect.js'?

更新:

我正在尝试为AzureAD OpenID Connect创建自定义Torii提供程序。

我收到了“错误:提供商的回复缺少这些必需的响应参数:id_token”

这是我的自定义提供商:

import Ember from 'ember';
import Oauth2 from 'torii/providers/oauth2-code';
import {configurable} from 'torii/configuration';

var computed = Ember.computed;

/**
 * This class implements authentication against AzureAD
 * using the OAuth2 authorization flow in a popup window.
 * @class
 */
export default Oauth2.extend({
  name: 'azure-ad-oidc',

  baseUrl: computed(function() {
      return 'https://login.windows.net/' + this.get('tennantId') + '/oauth2/authorize';
    }),

    tennantId: configurable('tennantId', 'common'),

    // additional url params that this provider requires
    requiredUrlParams: ['api-version','response_mode', 'nonce'],

    optionalUrlParams: ['scope'],

    responseMode: configurable('responseMode', null),

    responseParams: computed(function () {
      return [ this.get('responseType') ];
    }),

    state: 'STATE',

    apiVersion: '1.0',

    nonce : configurable('nonce', null),

    responseType: configurable('responseType', 'null'),

    redirectUri: configurable('redirectUri', function(){
      // A hack that allows redirectUri to be configurable
      // but default to the superclass
      return this._super();
    }),

    open: function(){
      var name        = this.get('name'),
          url         = this.buildUrl(),
          redirectUri = this.get('redirectUri'),
          responseParams = this.get('responseParams'),
          responseType = this.get('responseType'),
          state = this.get('state'),
          shouldCheckState = responseParams.indexOf('state') !== -1;

      return this.get('popup').open(url, responseParams).then(function(authData){
        var missingResponseParams = [];

        responseParams.forEach(function(param){
          if (authData[param] === undefined) {
            missingResponseParams.push(param);
          }
        });

        if (missingResponseParams.length){
          throw new Error("The response from the provider is missing " +
                "these required response params: " + missingResponseParams.join(', '));
        }

        if (shouldCheckState && authData.state !== state) {
          throw new Error('The response from the provider has an incorrect ' +
                          'session state param: should be "' + state + '", ' +
                          'but is "' + authData.state + '"');
        }

        return {
          authorizationCode: authData[responseType],
          provider: name,
          redirectUri: redirectUri
        };
      });
    }

});

configuration.js

torii: {
  sessionServiceName: 'toriiSession',
  providers: {
    'azure-ad-oidc' :{
      tennantId : 'tenant id',
      client_id : 'client_id',
      redirectUri : 'http://localhost:4200',
      nonce : 'my_nonce',
      responseMode : 'form_post',
      responseType : 'id_token',
      scope : 'openid',
      apiKey : ''
    }
  }
},

路由/ application.js中

import Ember from 'ember';

export default Ember.Route.extend({
  actions: {
    azureLogin: function() {
        this.get('torii').open('azure-ad-oidc').then(function(data) {
              var authCode = this.get('toriiSession.authorizationCode');
              console.log(authCode);
        });
    }
  }
});

无法锻炼如何解决这个问题..我错过了什么?

1 个答案:

答案 0 :(得分:0)

请参阅ember-simple-auth-oidc,该文件实现了OpenID Connect的授权代码流,并与ember-simple-auth集成。

(我知道这个问题已经问了很久了,但是也许可以帮助将来遇到这个问题的人)