多个作用域的WSO2 API Manager API身份验证失败

时间:2019-06-21 07:10:54

标签: oauth-2.0 wso2 api-manager

我正在尝试使用WSO2 API管理器对我的外部应用程序进行身份验证。我为一个端点添加了一些作用域,并且还分配了一个用户角色,当我尝试使用该用户访问该端点时,我无法访问它。

在我的身份验证应用程序中,我也添加了该范围

这是身份验证应用的代码

var express = require('express');
var router = express.Router();

// Set the configuration settings
const credentials = {
  client: {
    id: 'Bc9am2voec_NAvfJA8KmpiZ0qAca',
    secret: 'hD3_9rDl6Khkb6uYd7vKmnc9ThYa'
  },
  auth: {
    tokenHost: 'https://localhost:8243/',
    tokenPath: 'token',
    authorizeHost: 'https://localhost:8243/',
    authorizePath: 'authorize'
  }
};

// Initialize the OAuth2 Library
const oauth2 = require('simple-oauth2').create(credentials);

/* GET users listing. */
router.get('/signin', function (req, res, next) {
  console.log("Signin")
  // Authorization oauth2 URI
  const authorizationUri = oauth2.authorizationCode.authorizeURL({
    redirect_uri: 'http://localhost:3000/auth/callback',
    scope: ['openid','tpl_edit','OFC-CreateN'], // also can be an array of multiple scopes, ex. ['<scope1>, '<scope2>', '...']
    state: ''
  });

  // Redirect example using Express (see http://expressjs.com/api.html#res.redirect)
  console.log(authorizationUri);
  res.redirect(authorizationUri);
});

router.get('/auth/callback', function (req, res, next) {
  console.log(req.query);
  // Get the access token object (the authorization code is given from the previous step).
  const tokenConfig = {
    code: req.query.code,
    redirect_uri: 'http://localhost:3000/auth/callback',
    scope: 'openid tpl_edit OFC-CreateN', // also can be an array of multiple scopes, ex. ['<scope1>, '<scope2>', '...']
  };
  // THIS HAS TO BE REMOVED IN PRODUCTION
  process.env["NODE_TLS_REJECT_UNAUTHORIZED"] = 0;
  // Save the access token
  try {
    oauth2.authorizationCode.getToken(tokenConfig).then(function(result){

      const accessToken = oauth2.accessToken.create(result);
      console.log(accessToken);

      console.log(`
      ##############################################################
      ${JSON.stringify(accessToken, null,  2)}
      ##############################################################
      `)


      res.cookie('somekey',accessToken['token']['access_token'], { maxAge: 900000, httpOnly: false });
      res.redirect("http://localhost:3000/ele/admin/");
    }).catch(function(error){
      console.log(error);
      res.send();
    });
  } catch (error) {
    console.log('Access Token Error', error.message);
    res.send();
  }
});

module.exports = router;

这是api管理器日志


[2019-06-21 12:10:41,663]  INFO - LogMediator STATUS = Executing default 'fault' sequence, ERROR_CODE = 404, ERROR_MESSAGE = No matching resource found for given API Request
[2019-06-21 12:10:41,670]  WARN - APIKeyValidationServiceImpl Invalid session id for thrift authenticator.
[2019-06-21 12:10:41,670] ERROR - APIKeyValidationServiceImpl Error in invoking validate key via thrift..
[2019-06-21 12:10:41,670]  WARN - ThriftKeyValidatorClient Login failed.. Authenticating again..
[2019-06-21 12:10:41,724]  INFO - CarbonAuthenticationUtil 'admin@carbon.super [-1234]' logged in at [2019-06-21 12:10:41,724+0530] from IP address 
[2019-06-21 12:10:41,868]  INFO - DataBridge user admin connected
[2019-06-21 12:10:45,645]  WARN - APIAuthenticationHandler API authentication failure due to The access token does not allow you to access the requested resource
[2019-06-21 12:16:55,401]  INFO - InboundDBSyncRequestEvent Running DB sync task.
[2019-06-21 12:31:55,401]  INFO - InboundDBSyncRequestEvent Running DB sync task.


这是令牌信息


Signin
https://localhost:8243/authorize?response_type=code&client_id=Bc9am2voec_NAvfJA8KmpiZ0qAca&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Fcallback&scope=openid%2Ctpl_edit%2COFC-CreateNomination&state=
{ code: 'cb28cb01-259b-3938-b980-4bfcacaf2056' }
AccessToken {
  token:
   { access_token: '1898f35f-d9a3-3f18-868b-474384f7517e',
     refresh_token: 'f1dbecb8-a68a-3b53-98e0-157a4d7171ce',
     scope: 'default',
     token_type: 'Bearer',
     expires_in: 3600,
     expires_at: 2019-06-21T07:40:41.477Z } }

      ##############################################################
      {
  "token": {
    "access_token": "1898f35f-d9a3-3f18-868b-474384f7517e",
    "refresh_token": "f1dbecb8-a68a-3b53-98e0-157a4d7171ce",
    "scope": "default",
    "token_type": "Bearer",
    "expires_in": 3600,
    "expires_at": "2019-06-21T07:40:41.477Z"
  }
}
      #################

似乎范围信息无法正常工作,因为访问令牌仍具有默认值。任何人都可以帮助我解决此问题。 谢谢

0 个答案:

没有答案