我正在尝试使用WSO2 API管理器对我的外部应用程序进行身份验证。我为一个端点添加了一些作用域,并且还分配了一个用户角色,当我尝试使用该用户访问该端点时,我无法访问它。
在我的身份验证应用程序中,我也添加了该范围
这是身份验证应用的代码
var express = require('express');
var router = express.Router();
// Set the configuration settings
const credentials = {
client: {
id: 'Bc9am2voec_NAvfJA8KmpiZ0qAca',
secret: 'hD3_9rDl6Khkb6uYd7vKmnc9ThYa'
},
auth: {
tokenHost: 'https://localhost:8243/',
tokenPath: 'token',
authorizeHost: 'https://localhost:8243/',
authorizePath: 'authorize'
}
};
// Initialize the OAuth2 Library
const oauth2 = require('simple-oauth2').create(credentials);
/* GET users listing. */
router.get('/signin', function (req, res, next) {
console.log("Signin")
// Authorization oauth2 URI
const authorizationUri = oauth2.authorizationCode.authorizeURL({
redirect_uri: 'http://localhost:3000/auth/callback',
scope: ['openid','tpl_edit','OFC-CreateN'], // also can be an array of multiple scopes, ex. ['<scope1>, '<scope2>', '...']
state: ''
});
// Redirect example using Express (see http://expressjs.com/api.html#res.redirect)
console.log(authorizationUri);
res.redirect(authorizationUri);
});
router.get('/auth/callback', function (req, res, next) {
console.log(req.query);
// Get the access token object (the authorization code is given from the previous step).
const tokenConfig = {
code: req.query.code,
redirect_uri: 'http://localhost:3000/auth/callback',
scope: 'openid tpl_edit OFC-CreateN', // also can be an array of multiple scopes, ex. ['<scope1>, '<scope2>', '...']
};
// THIS HAS TO BE REMOVED IN PRODUCTION
process.env["NODE_TLS_REJECT_UNAUTHORIZED"] = 0;
// Save the access token
try {
oauth2.authorizationCode.getToken(tokenConfig).then(function(result){
const accessToken = oauth2.accessToken.create(result);
console.log(accessToken);
console.log(`
##############################################################
${JSON.stringify(accessToken, null, 2)}
##############################################################
`)
res.cookie('somekey',accessToken['token']['access_token'], { maxAge: 900000, httpOnly: false });
res.redirect("http://localhost:3000/ele/admin/");
}).catch(function(error){
console.log(error);
res.send();
});
} catch (error) {
console.log('Access Token Error', error.message);
res.send();
}
});
module.exports = router;
这是api管理器日志
[2019-06-21 12:10:41,663] INFO - LogMediator STATUS = Executing default 'fault' sequence, ERROR_CODE = 404, ERROR_MESSAGE = No matching resource found for given API Request
[2019-06-21 12:10:41,670] WARN - APIKeyValidationServiceImpl Invalid session id for thrift authenticator.
[2019-06-21 12:10:41,670] ERROR - APIKeyValidationServiceImpl Error in invoking validate key via thrift..
[2019-06-21 12:10:41,670] WARN - ThriftKeyValidatorClient Login failed.. Authenticating again..
[2019-06-21 12:10:41,724] INFO - CarbonAuthenticationUtil 'admin@carbon.super [-1234]' logged in at [2019-06-21 12:10:41,724+0530] from IP address
[2019-06-21 12:10:41,868] INFO - DataBridge user admin connected
[2019-06-21 12:10:45,645] WARN - APIAuthenticationHandler API authentication failure due to The access token does not allow you to access the requested resource
[2019-06-21 12:16:55,401] INFO - InboundDBSyncRequestEvent Running DB sync task.
[2019-06-21 12:31:55,401] INFO - InboundDBSyncRequestEvent Running DB sync task.
这是令牌信息
Signin
https://localhost:8243/authorize?response_type=code&client_id=Bc9am2voec_NAvfJA8KmpiZ0qAca&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Fcallback&scope=openid%2Ctpl_edit%2COFC-CreateNomination&state=
{ code: 'cb28cb01-259b-3938-b980-4bfcacaf2056' }
AccessToken {
token:
{ access_token: '1898f35f-d9a3-3f18-868b-474384f7517e',
refresh_token: 'f1dbecb8-a68a-3b53-98e0-157a4d7171ce',
scope: 'default',
token_type: 'Bearer',
expires_in: 3600,
expires_at: 2019-06-21T07:40:41.477Z } }
##############################################################
{
"token": {
"access_token": "1898f35f-d9a3-3f18-868b-474384f7517e",
"refresh_token": "f1dbecb8-a68a-3b53-98e0-157a4d7171ce",
"scope": "default",
"token_type": "Bearer",
"expires_in": 3600,
"expires_at": "2019-06-21T07:40:41.477Z"
}
}
#################
似乎范围信息无法正常工作,因为访问令牌仍具有默认值。任何人都可以帮助我解决此问题。 谢谢