我想更好地了解这是如何工作的,而且作为奖励,我希望能够对我的用户进行完全身份验证。我正在使用 NodeJS/Express 和 Passport。
function ensureAuthenticated(req, res, next) {
console.log('@@ on ensureAuthenticated saving req.query=' + req.originalUrl);
var stateUrlEncoded = Buffer.from(req.originalUrl).toString('base64');
const authenticator = passport.authenticate('openidconnect', { "scope": [], "state": stateUrlEncoded });
authenticator(req, res, next);
}
getApp().get('/auth/sso/callback',
function (request, response, next) {
var redirectUrlBase64 = Buffer.from(request.query.state, 'base64');
var redirectUrl = redirectUrlBase64.toString("utf8");
console.log('@@ on callback returnTo=' + redirectUrl);
console.log('@@ Reached callback. isAuthenticated=' + request.isAuthenticated());
/*
if (request.isAuthenticated()) {
response.redirect(redirectUrl);
} else {
//console.log('@@ req.user' + request.user.cn);
//var redirectUrl = request.params.callback_uri;
// On initial entry, request.isAuthenticated is false. the authenticate method seems
// to be work after the second time. The service never successfully calls.
if (!redirectUrl) {
redirectUrl = "/health-check";
}
console.log('@@ Detected callback URI' + redirectUrl);
getPassport().authenticate('openidconnect', {
successRedirect: redirectUrl,
failureRedirect: '/failure',
})(request, response, next);
}
*/
/*
getPassport().authenticate('openidconnect', {
successRedirect: redirectUrl,
failureRedirect: '/failure',
})(request, response, next);
*/
getPassport().authenticate('openidconnect',
function (request, response, next) {
console.log('@@ After getPassport().authenticate(): Reached callback. isAuthenticated=' + request.isAuthenticated());
response.redirect(redirectUrl);
});
console.log('@@ CB-7 auth-sso-callback after passport.authenticate');
return next();
}
)
getApp().use('/cost-recovery*', ensureAuthenticated, function (req, res, next) {
var infoB = JSON.stringify(req.user, null, 4);
console.log("@@anonymous print user function user=" + infoB);
return next();
}, cost_recovery_proxy);
我看到它转到登录页面,然后按照指定重定向到回调。但是,返回回调仍然不足以让 Passport 进行身份验证。在进入回调时,它说 request.isAuthenticated 是假的。所以我又打了一次电话,因为我过去看过第二次打通护照的电话。我以注释形式在上面留下了代码以显示我的尝试。
我现在看到了这些信号:
@@ on ensureAuthenticated saving req.query=/cost-recovery @@ on callback returnTo=/cost-recovery @@ Reached callback. isAuthenticated=false @@ CB-7 auth-sso-callback after passport.authenticate
它到达回调,未通过身份验证。与 getPassport().authenticate('openidconnect', 不会被调用。我认为这会在成功时调用处理程序。
如果我回到具有 successRedirect 和 failureRedirect 属性的那个,它确实调用了 successRedirect,但会重复调用,我认为最多 7 次。