使用jwt进行的passport-azure-ad身份验证失败已过期

时间:2018-12-28 18:54:35

标签: node.js express passport.js passport-azure-ad

我已经根据 passport-azure-ad 的文档设置了 Express 应用程序,但即使等待了很长时间并清除了缓存和 cookie,初始登录也总是立即失败:Node 日志指出 jwt 已过期,尽管它是刚刚获得的。我想也许与时区有关,但我也认为 Passport 应该能够处理时区差异。有什么明显的问题吗?

来自 Node 日志:

{"name": "AzureAD: OIDC Passport Strategy", "hostname": "d05a2598e38", "pid": 1436, "level": 30, "msg": "authentication failed due to: In _validateResponse: jwt is expired", "time": "2018-12-28T20:43:24,8492", "v": 0}

策略配置:

"azureAD": {
  "identityMetadata": "https://login.microsoftonline.com/contoso.onmicrosoft.com/v2.0/.well-known/openid-configuration",
  "clientID": "withheld",
  "responseType": "id_token code",
  "responseMode": "form_post",
  "redirectUrl": "withheld",
  "clientSecret": "withheld",
  "passReqToCallback": false,
  "scope": ["profile", "offline_access"]
}

策略设置:

  // Register the Azure AD OpenID Connect strategy. Every option comes from
  // config.azureAD; only the logging level is fixed inline.
  // NOTE(review): the strategy checks the id_token's time claims against this
  // host's clock, so a skewed system clock shows up as "jwt is expired" in the
  // strategy log — confirm the host's time is NTP-synced before digging deeper.
  const oidcOptions = {
    identityMetadata: config.azureAD.identityMetadata,
    clientID: config.azureAD.clientID,
    responseType: config.azureAD.responseType,
    responseMode: config.azureAD.responseMode,
    redirectUrl: config.azureAD.redirectUrl,
    clientSecret: config.azureAD.clientSecret,
    passReqToCallback: config.azureAD.passReqToCallback,
    scope: config.azureAD.scope,
    loggingLevel: 'info'
  };

  // Verify callback: resolve the token's `oid` claim to a known user, and
  // register the profile in the in-memory `users` list the first time it is
  // seen. A profile without an `oid` is rejected outright.
  const verifyUser = (iss, sub, profile, accessToken, refreshToken, done) => {
    if (!profile.oid) {
      return done(new Error('No OID found'), null);
    }
    process.nextTick(() => {
      findByOID(profile.oid, (err, user) => {
        if (err) return done(err);
        if (user) return done(null, user);
        users.push(profile);
        return done(null, profile);
      });
    });
  };

  passport.use(new OIDCStrategy(oidcOptions, verifyUser));

  // Keep only the Azure AD object id in the session; the full record is
  // re-resolved on every request by deserializeUser.
  passport.serializeUser((user, done) => done(null, user.oid));

  // Map the object id stored in the session back to the in-memory user
  // record via findByOID; a miss yields (null, null), which passport treats
  // as "not logged in".
  passport.deserializeUser((id, done) => {
    findByOID(id, (err, user) => {
      done(err, user);
    });
  });

  // Look a user up by Azure AD object id in the in-memory `users` array.
  // Invokes fn(null, user) on a hit and fn(null, null) on a miss; the callback
  // runs synchronously and there is no error path. The miss is logged so that
  // first-time sign-ins are visible in the console.
  function findByOID(oid, fn) {
    const match = users.find((candidate) => candidate.oid === oid);
    if (match !== undefined) {
      return fn(null, match);
    }
    console.log(`A user with OID ${oid} was not found`);
    return fn(null, null);
  }

路由:

  // Kick off sign-in: the strategy builds the authorization request and
  // redirects the browser to Azure AD. `response: res` hands the strategy the
  // response object (presumably so it can set the cookie it needs for the
  // return leg — see the passport-azure-ad docs). The second handler only runs
  // if authenticate() falls through to next().
  app.get('/login', (req, res, next) => {
    const authOptions = { response: res, failureRedirect: '/' };
    passport.authenticate('azuread-openidconnect', authOptions)(req, res, next);
  }, (req, res) => {
    console.log('DEBUG: Login started');
    res.redirect('/');
  });

  // Return leg: Azure AD POSTs the id_token and code here (responseMode
  // form_post). The strategy validates the posted response and runs the
  // verify callback; on failure the user is sent back to '/'.
  // NOTE(review): nothing in this handler checks the posted body itself — the
  // strategy's state/nonce validation is what ties this POST to the earlier
  // /login request, so confirm that validation is in effect for this setup.
  app.post('/openid/return', (req, res, next) => {
    const authOptions = { response: res, failureRedirect: '/' };
    passport.authenticate('azuread-openidconnect', authOptions)(req, res, next);
  }, (req, res) => {
    console.log('DEBUG: Response recieved from AAD');
    res.redirect('/');
  });

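  // Sign out: clear passport's login state, drop the server-side session, then
  // send the browser to Azure AD's end-session endpoint so the IdP session is
  // cleared too. A failure to destroy the session is logged rather than
  // swallowed; the redirect still happens so the user is not left stuck.
  // NOTE(review): a GET logout can be triggered by any cross-site link or
  // image (logout CSRF); a POST with a CSRF token is the usual mitigation.
  app.get('/logout', (req, res) => {
    req.logOut();
    req.session.destroy((err) => {
      if (err) {
        console.error('Failed to destroy session on logout', err);
      }
      res.redirect('https://login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https://contoso.net');
    });
  });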
