所以我正在玩这个教程得到Integrating Azure AD into an AngularJS single page app
。
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-devquickstarts-angular-node
它是针对Azure AD v2.0端点实现的,但遗憾的是我的组织不支持Azure AD v2.0端点,因此我将adal.js和adal-angular库的实验版替换为GA adal.js和adal-angular个库。前端认证工作完美。但是,在我基于passport-azure-ad修改了后端配置之后。后端无法验证隐式授予的令牌。
我在清单文件中将allow implicit flow设置为true。另外,我尝试在另一个使用相同client ID前端但Tenant Name作为后端的示例中使用我的angular和.NET。有效!
这是我的后端配置
exports.creds = {
// The app id you get from the registration portal
audience: 'http://localhost:8080',
clientID: '**********************************',
// Passport will use this URL to fetch the token validation information from Azure AD
identityMetadata: '************************************',
// Required.
// If you are using the common endpoint, you should either set `validateIssuer` to false, or provide a value for `issuer`.
validateIssuer: true,
// Required.
// Set to true if you use `function(req, token, done)` as the verify callback.
// Set to false if you use `function(req, token)` as the verify callback.
passReqToCallback: false,
// Required if you are using common endpoint and setting `validateIssuer` to true.
// For tenant-specific endpoint, this field is optional, we will use the issuer from the metadata by default.
issuer: '**************************************',
isB2C: false,
// Optional. Default value is false.
// Set to true if you accept access_token whose `aud` claim contains multiple values.
allowMultiAudiencesInToken: false,
// Optional. 'error', 'warn' or 'info'
loggingLevel: 'info'
};
我的服务器:
app.use(bodyParser.urlencoded({ extended: true }));
app.use(bodyParser.json());
// Pull in the Azure AD bearer passport strategy
var OIDCBearerStrategy = require('passport-azure-ad').BearerStrategy;
// This object is used for in-memory data storage, instead of a database.
// Each time you run the server, you will get a fresh, empty list.
var tasks = [];
// Load passport and configure it to use Azure AD Bearer auth
app.use(passport.initialize());
passport.use(new OIDCBearerStrategy({
identityMetadata: config.creds.identityMetadata,
audience: config.creds.audience,
clientID: config.creds.clientID,
validateIssuer: true,
issuer: config.creds.issuer,
}, function (token, done) {
console.log("yooo");
return done(null, token, null);
}));
var router = express.Router();
router.route('/api/tasks')
.post(passport.authenticate('oauth-bearer', { session: false }), controller)
以下是经过前端身份验证后浏览器控制台的输出:
State: **************
adal.js:973 State status:true
adal.js:973 State is right
有人做过类似的事吗?
答案 0 :(得分:1)
正如此问题的作者在上面的评论中所提到的,配置中的受众值应该是客户端ID。
答案 1 :(得分:0)
如果有任何人在使用Angularjs1 + Nodejs + adal.js v1.x
开始时遇到问题这是一个工作示例。只需更改config.js和app.js中的值
即可https://github.com/lightertu/Azure-ActiveDirectory-V1-Angularjs-Nodejs-SPA-Sample