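I have followed this tutorial to set things up: https://auth0.com/blog/manage-a-collection-of-secure-api-endpoints-with-postman/#Authorization-in-Postman
It works really well, and I can obtain an access token.
My Node/Express application has routes that are protected by middleware. Login is handled through the Auth0 Passport strategy.
When I try to call these routes from Postman using the access token provided by the tutorial above, the response I get just directs me to the Auth0 login page. Ultimately, if I have to build a front end just to test secured routes, that will make building the back end a challenge.
Here is the response in Postman: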
<html>
<head>
<title>Sign In with Auth0</title>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=0" />
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<meta name="robots" content="noindex, nofollow">
<link rel="shortcut icon" href="https://cdn.auth0.com/styleguide/components/2.0.2/media/logos/img/favicon.png">
</head>
...etc
Here is my route:
app.get("/test", secured, (req, res) => {
  res.send("Hiya!");
});
Here is the middleware (secured):
module.exports = (req, res, next) => {
  if (!req.user) {
    req.session.returnTo = req.originalUrl;
    return res.redirect("/auth/login");
  }
  next();
};
Here is my Passport implementation:
const passport = require("passport");
const auth0Strategy = require("passport-auth0");
const keys = require("../config/keys");
require("../models/user");
const mongoose = require("mongoose");
const User = mongoose.model("user");

// Store the whole user object in the session
passport.serializeUser(function(user, done) {
  done(null, user);
});
passport.deserializeUser(function(user, done) {
  done(null, user);
});

// Configure Passport to use Auth0
const strategy = new auth0Strategy(
  {
    domain: keys.authDomain,
    clientID: keys.authClientID,
    clientSecret: keys.authClientSecret,
    callbackURL: keys.authCallbackURL
  },
  async (accessToken, refreshToken, extraParams, profile, done) => {
    try {
      // Look up the local record for this Auth0 identity
      const existingUser = await User.findOne({ authId: profile.id });
      if (existingUser) {
        return done(null, { ...existingUser, ...profile });
      }
      // First login: create the local record
      await new User({
        authId: profile.id
      }).save();
      return done(null, profile);
    } catch (error) {
      // There is no `res` in the verify callback; report the failure to Passport
      return done(error);
    }
  }
);

// Apply passport middleware
passport.use(strategy);
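
Added example, not part of the original question: it runs the `secured` session guard from the post next to a hypothetical bearer-token guard, using constructed requests, to show that the session guard never reads the `Authorization` header while an API-style guard validates the token and answers 401 instead of redirecting. It assumes the access token is an RS256-signed JWT; the key pair, issuer, audience and the names `mintToken`, `verifyToken`, `securedApi` and `run` are constructed for this illustration.

```javascript
const crypto = require("crypto");
// Constructed stand-ins: a real API would take the public key from its tenant's JWKS.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const ISSUER = "https://tenant.example/", AUDIENCE = "https://api.example/"; // hypothetical
// Test helper: sign an RS256 JWT the way an authorization server would.
function mintToken(claims, key = privateKey) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  const signed = `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}`;
  return `${signed}.${crypto.sign("RSA-SHA256", Buffer.from(signed), key).toString("base64url")}`;
}

// Returns the claims when signature, issuer, audience and expiry all check out, else null.
function verifyToken(token) {
  const [head, body, sig, extra] = String(token).split(".");
  if (!sig || extra !== undefined) return null;
  try {
    const dec = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));
    if (dec(head).alg !== "RS256") return null; // pin the algorithm, ignore the header's choice
    const sigOk = crypto.verify("RSA-SHA256", Buffer.from(`${head}.${body}`), publicKey, Buffer.from(sig, "base64url"));
    const claims = dec(body);
    if (!sigOk || claims.iss !== ISSUER || ![].concat(claims.aud).includes(AUDIENCE)) return null;
    return typeof claims.exp === "number" && claims.exp * 1000 > Date.now() ? claims : null;
  } catch (err) { return null; } // malformed base64 or JSON
}

// The session guard from the question: only req.user (restored from the session cookie) counts.
function secured(req, res, next) {
  if (!req.user) {
    req.session.returnTo = req.originalUrl;
    return res.redirect("/auth/login");
  }
  next();
}

// Hypothetical API guard: identity comes from the Authorization header, failure is a 401.
function securedApi(req, res, next) {
  const m = /^Bearer (.+)$/.exec(req.headers.authorization || "");
  req.auth = m && verifyToken(m[1]);
  if (!req.auth) return res.status(401).json({ error: "invalid_token" });
  next();
}

// Drive a guard with a constructed request and report what it did.
function run(guard, token) {
  let out = "none";
  const res = { redirect: (u) => (out = `redirect ${u}`), status: (c) => ({ json: () => (out = `status ${c}`) }) };
  guard({ headers: token ? { authorization: `Bearer ${token}` } : {}, session: {}, originalUrl: "/test" }, res, () => (out = "next"));
  return out;
}
```

With a valid token, `run(secured, token)` still reports the redirect to `/auth/login`, while `run(securedApi, token)` reaches `next`; expired, wrong-audience and wrongly signed tokens get a 401 from `securedApi`.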