IdentityServer nodejs令牌问题

时间:2016-05-31 10:32:47

标签: node.js passport.js openid-connect identityserver3

我试图在身份服务器中授权我的nodejs服务器。 我在nodejs中使用了passport-openidconnect库。我的nodejs代码:

var express = require('express');
var session = require('express-session');
var RedisStore = require('connect-redis')(session);
var Strategy = require('passport-openidconnect').Strategy;

module.exports.configure = function configure(app, passport) {

    var auth = {
        authorizationURL: 'https://localhost:44333/core/connect/authorize',
        tokenURL: 'https://localhost:44333/core/connect/token',
        userInfoURL: 'https://localhost:44333/core/connect/userinfo',
        clientID: 'NodeJsClient',
        clientSecret: 'fakeSecret',
        callbackURL: '/auth/callback',
        scope: 'openid profile email offline_access',
        responseType: "id_token"
    };

    app.use(session({
            secret: 'someSecret',
            resave: false,
            saveUninitialized: false,
            secure: true,
            store: new RedisStore({
                host: '127.0.0.1',
                port: 6379
            })
        }
    ));

    app.use(passport.initialize());
    app.use(passport.session());

    passport.use(new Strategy(auth, function (iss, sub, profile, jwtClaims, accessToken, refreshToken, params, verified) {
        verified(null, Object.assign({}, profile, {token: accessToken}));
    }));

    passport.serializeUser(function (user, done) {
        done(null, {id: user.id, name: user.displayName, token: user.token});
    });

    passport.deserializeUser(function (user, done) {
        done(null, user);
    });

    app.get('/auth/login', passport.authenticate('openidconnect', {}));

    app.get('/auth/callback', passport.authenticate('openidconnect', {}),
        function (req, res) {
            if (!req.user) {
                throw new Error('user null');
            }
            res.redirect("/");
        }
    );
};

身份服务器端:

new Client()
                {
                    ClientId = "NodeJsClient",
                    ClientName = "Nodejs Demo Client",
                    AccessTokenType = AccessTokenType.Jwt,

                    ClientSecrets = new List<Secret>()
                    {
                        new Secret("fakeSecret".Sha256())  
                    },

                    Flow = Flows.AuthorizationCode,
                    RedirectUris = new List<string>() { "http://localhost:5200/auth/callback" },
                    AllowedScopes = new List<string>()
                    {
                        Constants.StandardScopes.OpenId,
                        Constants.StandardScopes.Profile,
                        Constants.StandardScopes.Email,
                        Constants.StandardScopes.Roles,
                        Constants.StandardScopes.Address,
                        Constants.StandardScopes.OfflineAccess
                    },

                    AccessTokenLifetime = 3600
                }

当我在允许个人数据权限后尝试授权时,我有错误:

  

InternalOAuthError:无法获取访问令牌

我发现在我的应用程序的重定向请求中没有令牌。问题出在哪儿?你有很好的文档nodejs库来处理

  

OpenID Connect

1 个答案:

答案 0 :(得分:3)

我想出问题出在哪里。 Iside passport-openidconnect我发现了更详细的错误:"Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE"。按照this question中的描述解决了这个问题。此时解决方案完全满足了我。

相关问题
最新问题