用“passport-openidconnect”策略替换“passport-local”策略

时间:2019-04-18 14:40:40

标签: javascript node.js reactjs passport.js

我正在尝试将 passport-local 策略替换为“passport-openidconnect”策略。

问题是,我想保留我的自定义登录界面,而无需重定向到OIDC身份验证器网站进行身份验证。

passport-local 策略如下所示;在登录页面上单击登录时,它可以正常工作:


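/**
 * passport-local strategy: checks an email/password pair against UserModel
 * and, on success, hands back a signed JWT plus a small profile object.
 *
 * Verify callback arguments (passReqToCallback is on, so `req` comes first):
 *   req      - the incoming request (not used by this callback)
 *   email    - value of the `email` field
 *   password - value of the `password` field
 *   done     - passport callback; done(err) on any failure,
 *              done(null, token, data) on success
 */
export const loginStrategy = new LocalStrategy({
    usernameField: 'email',
    passwordField: 'password',
    session: false,
    passReqToCallback: true,
}, (req, email, password, done) => {
    // Reject non-string values up front so that only plain strings are
    // trimmed and, more importantly, used in the query filter below.
    if (typeof email !== 'string' || typeof password !== 'string') {
        return done(new Error('Missing credential inputs'));
    }

    // NOTE(review): trimming the password changes what the user typed; this
    // is kept as-is because stored hashes may already depend on it.
    const userData = {
        email: email.trim(),
        password: password.trim(),
    };
    if (!userData.email || !userData.password) {
        return done(new Error('Missing credential inputs'));
    }

    return UserModel.findOne({ email: userData.email }, (err, user) => {
        if (err) return done(err);

        // Unknown user and wrong password produce the same message, so the
        // response does not reveal which accounts exist.
        if (!user) {
            return done(new Error('Incorrect email or password'));
        }

        return user.comparePassword(userData.password, (pwErr, isMatch) => {
            // Check this callback's own error. The original tested the outer
            // `err`, which is always falsy here, so a failed comparison was
            // never reported as such.
            if (pwErr) return done(pwErr);

            if (!isMatch) {
                return done(new Error('Incorrect email or password'));
            }

            const payload = { sub: user._id };
            // NOTE(review): the token is signed without an expiry (no
            // `expiresIn` option), so it stays valid for as long as
            // jwtSecret is unchanged; consider setting a lifetime.
            const token = jwt.sign(payload, jwtSecret);
            const data = {
                username: user.username,
                email: user.email,
                fullname: user.fullname,
                role: user.role,
                affiliate: user.affiliate,
            };
            return done(null, token, data);
        });
    });
});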

我的openid-connect策略如下:

/**
 * passport-openidconnect strategy: after the identity provider has
 * authenticated the user, maps the returned claims onto a (token, data) pair.
 *
 * Verify callback arguments:
 *   issuer, sub, refreshToken - received but not used here
 *   profile      - user profile; the raw claims are read from profile._json
 *   accessToken  - passed through unchanged as the token
 *   done         - passport callback, called as done(null, token, data)
 */
export const loginStrategy = new OidcStrategy({
    issuer: 'https://okta.com/oauth2/default',
    authorizationURL: 'https://okta.com/oauth2/default/v1/authorize',
    tokenURL: 'https://okta.com/oauth2/default/v1/token',
    userInfoURL: 'https://okta.com/oauth2/default/v1/userinfo',
    // Sample values as posted; a real client secret belongs in configuration
    // outside the source tree, not in a literal.
    clientID: 'bar',
    clientSecret: 'foo',
    // Plain http on localhost: suitable for local development only.
    callbackURL: 'http://localhost:8300/authorization-code/callback',
    scope: 'openid profile email',
}, (issuer, sub, profile, accessToken, refreshToken, done) => {
    const claims = profile._json;

    // `role` and `affiliate` are taken from the provider's claims as-is.
    // NOTE(review): `role` is read from the `user` claim - confirm that this
    // is the intended claim name.
    const data = {
        username: claims.given_name,
        email: claims.email,
        fullname: claims.name,
        role: claims.user,
        affiliate: claims.affiliate,
    };

    return done(null, accessToken, data);
});

有什么办法可以保留我的自定义登录屏幕,并向其添加 OpenID Connect 身份验证?

0 个答案:

没有答案