Azure active directory 使用azuread openidconnect的express js Passport中间件
标签:azure-active-directory、openid-connect、adal、passport-azure-ad
我已经在 Passport 中配置了 OIDCStrategy,应用程序会重定向到帐户登录页面,然后我获得了一个访问令牌。但在我尝试使用下面的方法保护路由后,它总是重定向到身份验证页面:
// First attempt at protecting /test: a session-based guard followed by the
// actual handler.
// NOTE(review): req.isAuthenticated() is provided by Passport and only reports
// true when a login was restored for this request. That needs session
// middleware plus passport.initialize()/passport.session() to run before this
// route on the same app or router - confirm the registration order.
app.get(
  '/test',
  (req, res, next) => {
    if (!req.isAuthenticated()) {
      // No restored login: send the browser back to the sign-in entry point.
      res.redirect('/auth');
      return;
    }
    return next();
  },
  (request, response, next) => {
    const payload = { message: 'SUCCESS' };
    response.status(200).json(payload);
  },
);
我也尝试过这种方法
// Second attempt: run the Azure AD OpenID Connect strategy directly on /test.
// NOTE(review): passport.authenticate() executes the strategy for each request
// to this route rather than checking an already established login, so a plain
// GET is expected to start the sign-in redirect again. It normally belongs on
// the login route and the redirectUrl callback route, with a
// req.isAuthenticated() guard on protected routes - confirm against the
// passport-azure-ad samples.
app.get(
  '/test',
  passport.authenticate('azuread-openidconnect', {
    failureRedirect: '/auth',
    session: true,
  }),
  (request, response, next) => {
    const payload = { message: 'SUCCESS' };
    response.status(200).json(payload);
  },
);
Passport 配置
const passport = require('passport');
const { OIDCStrategy, BearerStrategy } = require('passport-azure-ad');
// Router that receives the Passport middleware registered further down.
// NOTE(review): `express` is not required in the visible lines - confirm it is
// imported. Middleware attached to a Router only runs for requests that pass
// through that router, so routes registered directly on `app` will not see the
// Passport login state unless this router is mounted ahead of them - confirm.
const passportModule = express.Router();
// Store only the Azure AD object id (oid) in the login session, not the whole
// profile; the matching deserializeUser hook turns it back into a user.
passport.serializeUser((user, done) => {
  const sessionKey = user.oid;
  done(null, sessionKey);
});
// Resolve the oid kept in the session back to a stored profile via findByOid.
// NOTE(review): findByOid yields null for an unknown oid (for example after the
// in-memory store was reset); Passport is then expected to treat the request as
// unauthenticated - confirm.
passport.deserializeUser((oid, done) => {
  findByOid(oid, (lookupError, storedUser) => {
    done(lookupError, storedUser);
  });
});
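// In-memory user store for this demo; entries are the Azure AD profiles pushed
// by the strategy's verify callback. Contents are lost when the process exits.
const users = [];

/**
 * Look up a stored profile by its Azure AD object id.
 *
 * @param {string} oid - Object id compared with each stored profile's `oid`.
 * @param {function(?Error, ?Object)} fn - Node-style callback; receives
 *   `(null, user)` on a match and `(null, null)` when nothing matches.
 * @returns {*} Whatever `fn` returns.
 */
const findByOid = function (oid, fn) {
  // Profiles hold personal data, so the lookup does not log the entries it
  // scans (this runs on every request that restores a session).
  const match = users.find(function (candidate) {
    return candidate.oid === oid;
  });
  return fn(null, match || null);
};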
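// Azure AD OpenID Connect strategy: authorization-code flow with the reply
// delivered by form_post to redirectUrl.
// NOTE(review): the literal settings below look like sample or redacted
// values. Secrets (clientSecret, cookieEncryptionKeys) belong in configuration
// or a secret store, not in source.
const azureOpenIDStrategy = new OIDCStrategy({
  // "common" is the multi-tenant v2.0 metadata endpoint.
  identityMetadata: "https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration",
  clientID: "cec04b71-137b-4a99-80c6-e0fc88a2e7c5",
  responseType: "code",
  responseMode: 'form_post',
  redirectUrl: redirectUrl,
  allowHttpForRedirectUrl: false,
  // NOTE(review): empty here, presumably redacted for the post; the code flow
  // needs the real secret, loaded from configuration.
  clientSecret: "",
  isB2C: false,
  // NOTE(review): with issuer validation off and the "common" endpoint, sign-ins
  // from any tenant are accepted. If only known tenants should get in, use a
  // tenant-specific metadata URL or list the allowed issuers in `issuer`.
  validateIssuer: false,
  issuer: null,
  passReqToCallback: false,
  // NOTE(review): this keeps the strategy's own state/nonce in encrypted cookies
  // instead of the session. It presumably does not replace the login session
  // that passport.session() and { session: true } rely on - confirm that
  // session middleware is installed.
  useCookieInsteadOfSession: true,
  // NOTE(review): predictable sample keys. Anyone who knows them can decrypt or
  // forge the state/nonce cookies; replace with random values kept out of source.
  cookieEncryptionKeys: [
    { 'key': '12345678901234567890123456789012', 'iv': '123456789012' },
    { 'key': 'abcdefghijklmnopqrstuvwxyzabcdef', 'iv': 'abcdefghijkl' }
  ],
  // NOTE(review): request only the scopes the app actually uses.
  scope: ['profile', 'OnlineMeetings.ReadWrite', 'Calendars.ReadWrite', 'People.Read.All'],
  loggingLevel: 'info',
  nonceLifetime: null,
  nonceMaxAmount: 5,
  clockSkew: null
  // NOTE(review): passport-azure-ad appears to choose the verify arguments by
  // this function's parameter count, so all eight parameters are kept even
  // though `params` and `jwtClaims` are not used in the body.
}, function (iss, sub, profile, jwtClaims, accessToken, refreshToken, params, done) {
  if (!profile.oid) {
    return done(new Error("No oid found"), null);
  }
  // Log identifiers only. Access and refresh tokens are bearer credentials and
  // the profile/claims carry personal data, so none of them are written to the
  // log; only whether a token was received is recorded.
  console.log(`iss: ${iss}`);
  console.log(`sub: ${sub}`);
  console.log(`oid: ${profile.oid}`);
  console.log(`accessToken received: ${Boolean(accessToken)}`);
  console.log(`refreshToken received: ${Boolean(refreshToken)}`);
  process.nextTick(function () {
    findByOid(profile.oid, function (err, user) {
      if (err) {
        return done(err);
      }
      if (!user) {
        // "Auto-registration": the first sign-in stores the profile in the
        // in-memory list so later requests can deserialize it by oid.
        users.push(profile);
        return done(null, profile);
      }
      return done(null, user);
    });
  });
});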
// Attach Passport to the router (initialize first, then session restore) and
// register the Azure AD strategy with Passport.
// NOTE(review): passport.session() reads the login from req.session, so session
// middleware (for example express-session) has to be registered before these
// two; none is visible in this listing - confirm.
passportModule.use(passport.initialize(), passport.session());
passport.use(azureOpenIDStrategy);
const passport=require('passport');
const{OIDCStrategy,BearerStrategy}=require('passport-azure-ad');
const passportModule=express.Router();
passport.user(函数(user,done){
完成(null,user.oid);
});
passport.deserializeUser(函数(oid,完成){
findByOid(oid,函数(err,用户){
完成(错误,用户);
});
});
常量用户=[];
const findByOid=函数(oid,fn){
for(var i=0,len=users.length;i
如何使用 Azure OpenID Connect 策略正确保护路由?
在您的请求中附加检索到的令牌(放在 Authorization 标头中,格式为:“Bearer {access token}”)。
我试过了,但它总是重定向到登录页面。
您能分享一下您的身份验证配置代码吗?