Node.js 用户登录后,页面刷新对Passport js无效
我使用下面的代码使用passport js对用户进行身份验证Node.js 用户登录后,页面刷新对Passport js无效,node.js,authentication,express,passport.js,Node.js,Authentication,Express,Passport.js,我使用下面的代码使用passport js对用户进行身份验证 /** * Module dependencies. */ var express = require('express') , routes = require('./routes') , http = require('http') , path = require('path'); var app = express(); var config = require('./config'); var Use
/**
* Module dependencies.
*/
var express = require('express')
, routes = require('./routes')
, http = require('http')
, path = require('path');
var app = express();
var config = require('./config');
var User = require('./models/user');
var passport = require('passport'),
FacebookStrategy = require('passport-facebook').Strategy;
//setting up passport
passport.serializeUser(function(user, done){
done(null, user.id);
});
passport.deserializeUser(function(id, done){
User.findById(id, function(err, user){
done(err, user);
});
});
passport.use(new FacebookStrategy({
clientID: config.development.fb.appid,
clientSecret: config.development.fb.appSecret,
callbackURL: config.development.fb.url + 'fbauthed'
},
function (accessToken, refreshToken, profile, done) {
User.findOne({
'fbId': profile.id
}, function (err, oldUser) {
if (oldUser) {
console.log('Existing user: ' + oldUser.name + ' found and logged in');
done(null, oldUser);
} else {
var newUser = new User();
newUser.fbId = profile.id;
newUser.name = profile.displayName;
newUser.email = profile.emails[0].value;
newUser.username = profile.username;
console.log(profile);
newUser.save(function (err) {
if (err) throw err;
console.log('New user:' + newUser.name + 'created and logged in');
done(null, newUser);
});
}
});
}
));
app.configure(function(){
app.set('port', process.env.PORT || 5000);
app.set('views', __dirname + '/views');
app.set('view engine', 'jade');
app.use(express.favicon());
app.use(express.logger('dev'));
app.use(express.cookieParser());
app.use(express.session({secret: 'big secret'}));
app.use(passport.initialize());
app.use(passport.session());
app.use(express.bodyParser());
app.use(express.methodOverride());
app.use(app.router);
app.use(express.static(path.join(__dirname, 'public')));
});
app.configure('development', function(){
app.use(express.errorHandler());
});
app.get('/', routes.index);
app.get('/fbauth', passport.authenticate('facebook', {scope: 'email'}));
app.get('/fbauthed', passport.authenticate('facebook',{ failureRedirect: '/'}), routes.loggedin);
app.get('/logout', function(req,res){
req.logOut();
res.redirect('/');
});
//app.get('/users', user.list);
http.createServer(app).listen(app.get('port'), function(){
console.log("Express server listening on port " + app.get('port'));
});
上面的代码在用户进行身份验证时非常有用,但是在身份验证之后,页面刷新会引发如下错误
Express
500 failed to obtain access token (status: 400 data: {"error":{"message":"This authorization code has been used.","type":"OAuthException","code":100}})
at /home/colm/javascript/facebookauth/node_modules/passport-facebook/node_modules/passport-oauth/lib/passport-oauth/strategies/oauth2.js:125:38
at exports.OAuth2.getOAuthAccessToken (/home/colm/javascript/facebookauth/node_modules/passport-facebook/node_modules/passport-oauth/node_modules/oauth/lib/oauth2.js:131:18)
at passBackControl (/home/colm/javascript/facebookauth/node_modules/passport-facebook/node_modules/passport-oauth/node_modules/oauth/lib/oauth2.js:77:9)
at IncomingMessage.exports.OAuth2._request.request.on.callbackCalled (/home/colm/javascript/facebookauth/node_modules/passport-facebook/node_modules/passport-oauth/node_modules/oauth/lib/oauth2.js:94:7)
at IncomingMessage.EventEmitter.emit (events.js:126:20)
at IncomingMessage._emitEnd (http.js:366:10)
at HTTPParser.parserOnMessageComplete [as onMessageComplete] (http.js:149:23)
at CleartextStream.socketOnData [as ondata] (http.js:1447:20)
at CleartextStream.CryptoStream._push (tls.js:544:27)
at SecurePair.cycle (tls.js:898:20)
是什么原因导致此问题,如何解决此问题?
任何帮助都会很好。谢谢。用于处理FB回调的路由只应发出重定向(如果身份验证失败,返回登录页面,或者在身份验证成功时返回“登录”页面) 您正在调用
routes.loggedin
来处理该路由(如果成功):
这会将FB传递的所有令牌保留在URL中,从而生成“此授权代码已被使用”消息
所以试试这个:
app.get('/loggedin', ensureLoggedIn('/'), routes.loggedin); // see below
app.get('/fbauthed', passport.authenticate('facebook',{
failureRedirect: '/',
successRedirect: '/loggedin'
}));
是一个中间件,它将检查用户是否登录,如果未登录,将重定向到
/
(或任何您喜欢的URL)。错误消息告诉您原因是什么……CBroe也许下次我应该更仔细地阅读它们!谢谢罗伯特克莱普。你好,robertklep,我应该使用passport.authenticate()还是req.isAuthenticated()来检查isLoggin?@AquariusSpotter纯粹使用passport,我想你只能检查是否存在req.user
来检查请求是否属于登录用户。
app.get('/loggedin', ensureLoggedIn('/'), routes.loggedin); // see below
app.get('/fbauthed', passport.authenticate('facebook',{
failureRedirect: '/',
successRedirect: '/loggedin'
}));