我正在尝试使用Node,Express,Passport和Auth0设置身份验证系统。每当用户尝试登录时,Auth0都会记录一次成功登录,但是req.user在我的应用程序中仍未定义。
我以前使用的是Okta OIDC,并且对我有用。我使用了本教程:https://auth0.com/docs/quickstart/webapp/nodejs/01-login进行切换。
这是我在本教程中使用的身份验证中间件:
// Perform the login, after login Auth0 will redirect to callback
router.get('/login', passport.authenticate('auth0', {
scope: 'openid email profile'
}), function (req, res) {
res.redirect('/');
});
// Perform the final stage of authentication and redirect to previously requested URL or '/user'
router.get('/callback', function (req, res, next) {
console.log('entering final stage of authentication');
passport.authenticate('auth0', function (err, user, info) {
if (err) { return next(err); }
if (!user) { return res.redirect('/login'); }
req.logIn(user, function (err) {
if (err) { return next(err); }
const returnTo = req.session.returnTo;
delete req.session.returnTo;
res.redirect(returnTo || '/dashboard');
});
})(req, res, next);
});
身份验证后,用户将重定向到我的回调URL(/ dashboard)。
router.get('/dashboard', secured(), function (req, res, next) {
const { _raw, _json, ...userProfile } = req.user;
//....
res.render('dashboard');
});
这会触发受保护的中间件:
module.exports = function () {
return function secured (req, res, next) {
if (req.user) { console.log('successfully authenticated'); return next();}
console.log('failed authentication');
req.session.returnTo = req.originalUrl;
res.redirect('/login');
};
};
在这里,req.user是未定义的,因此该用户再次被重定向到/ login,并且此循环重复,并产生以下日志:
GET /login 302 5.512 ms - 0
failed authentication
GET /dashboard?code=UDY7WYrXdtAWspnN&state=gGFkqbi9BlxDizGwO6hS9aaj 302 11.138 ms - 56
GET /login 302 1.675 ms - 0
failed authentication
GET /dashboard?code=mcGKEI4SmmyMfUJW&state=U8jOr7GsoXtQNyxVyKwbfA6e 302 6.735 ms - 56
GET /login 302 1.398 ms - 0
failed authentication
GET /dashboard?code=9Evpigv7JMFqxrfM&state=YkQLHvCuTLn8RZNN8bfAAMdU 302 5.207 ms - 56
等
这是我的快速设置:
var express = require('express');
var createError = require('http-errors');
var path = require('path');
var logger = require('morgan');
var dotenv = require('dotenv');
var session = require("cookie-session");
var sess = {
secret: <secret>,
}
var passport = require('passport');
var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
var Auth0Strategy = require('passport-auth0');
dotenv.config();
var strategy = new Auth0Strategy(
{
domain: process.env.AUTH0_DOMAIN,
clientID: process.env.AUTH0_CLIENT_ID,
clientSecret: process.env.AUTH0_CLIENT_SECRET,
callbackURL:
process.env.AUTH0_CALLBACK_URL || 'http://localhost:8080/dashboard'
},
function (accessToken, refreshToken, extraParams, profile, done) {
// accessToken is the token to call Auth0 API (not needed in the most cases)
// extraParams.id_token has the JSON Web Token
// profile has all the information from the user
return done(null, profile);
}
);
passport.use(strategy);
passport.serializeUser(function (user, done) {
done(null, user);
});
passport.deserializeUser(function (user, done) {
done(null, user);
});
var app = module.exports = express();
app.use(logger('dev'));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(cookieParser(<secret (same as express-session secret)>));
if (app.get('env') === 'production') {
sess.cookie.secure = true; // serve secure cookies, requires https
}
app.use(session(sess));
app.use(passport.initialize());
app.use(passport.session());
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'pug');
app.use(express.static(path.join(__dirname, 'public')));
app.use(express.json());
var userInViews = require('./node_modules/userInViews');
var authRouter = require('./routes/auth');
var indexRouter = require('./routes/public');
var usersRouter = require('./routes/users');
app.use(userInViews());
app.use('/', authRouter);
app.use('/', indexRouter);
app.use('/', usersRouter);