node.js - passport-azure-ad 始终重定向到 failureRedirect 但未显示错误(nodejs)
问题描述
按照本教程,我已经构建了我的 azure 广告登录以使用图形 api https://docs.microsoft.com/en-us/graph/tutorials/node?tutorial-step=3
来自 azure 的响应给我看,我找不到任何错误消息,但它总是触发失败重定向,因此它不会继续使用 signInComplete 函数。
我无法弄清楚出了什么问题。任何提示我至少可以了解是什么触发了 failureRedirect?
// Callback function called once the sign-in is complete
// and an access token has been obtained
async function signInComplete(iss, sub, profile, accessToken, refreshToken, params, done) {
logger.debug("signInComplete function called")
if (!profile.oid) {
logger.error("No OID found in user profile.")
return done(new Error("No OID found in user profile."));
}
return done(null);
}
// Configure OIDC strategy
passport.use(new OIDCStrategy(
{
identityMetadata: `${config.OAUTH_AUTHORITY}${config.OAUTH_ID_METADATA}`,
clientID: config.OAUTH_APP_ID,
responseType: 'code id_token',
responseMode: 'form_post',
redirectUrl: config.OAUTH_REDIRECT_URI,
allowHttpForRedirectUrl: true,
clientSecret: config.OAUTH_APP_PASSWORD,
validateIssuer: false,
passReqToCallback: false,
scope: config.OAUTH_SCOPES.split(' '),
loggingLevel: 'warn'
},
signInComplete
));
office365Signin: function (req, res, next) {
passport.authenticate('azuread-openidconnect',
{
response: res,
prompt: 'login',
failureRedirect: '/',
failureFlash: true,
successRedirect: '/'
}
)(req,res,next);
},
office365SigninCallback: function(req, res, next) {
passport.authenticate('azuread-openidconnect',
{
response: res,
failureRedirect: process.env.FRONTEND_URL+'fail',
failureFlash: true,
successRedirect: process.env.FRONTEND_URL
}
)(req,res, next);
//failureRedirect gets always trigger even if the req.body looks correct and no error message is send
//Therefore we just check the body and trigger next if the body looks correct
var util = require('util');
logger.debug("office365SigninCallback res: "+util.inspect(res.req.body));
if (res.req.body.code && res.req.body.id_token) {
logger.debug("req.body seems correct there");
}
},
记录器 office365SigninCallback res.req.body 输出:
office365SigninCallback res: { code: 'OAQABAAIAAAAm-06blBE1TpVMil8KPQ41qTM1deUhK_bLgEaGpsiIg5_3sa0ZNEBusd3m4rpBCrXflEsSvEtyjWWzqDhQ_9MybvYdqiR5B2FB59Msd7g8uL5YFcAExrGDqLzYo8xVIaZexHej_K3gDdJFfXbZZsiL6umdepdEXa1pyPIv4S8xVRHPcTyoB80RxpPp97uBCZagR7WstIF0QkfauUxklwlmOygAWjFvIMTuSijkkVZZ-04MbSX6wT3vBwJmQ2-kj6x_W_9fdCbYtdavgR6ZlYKtdiAxVm-3qULweEfvFo8RVC5xV2wdaPKqqYh41lcAq_1NHCiTdUcmmxbk8177WGzabDbH-rM-jRzORamSbLg_0vF48KWqu9zSgiCTX4RW556akFo6pcSkpriJWZH1aVl1cSMTWM64zb9tRM08O7hJ9YyFGTM-n6RpIiA3h9-Xh1E_TEZ8sG0noVId3yN8-gJXZ-pEB7Bur8s5C3DFOOlPgqgdEDj16tM8Wg0RinaL8P1BJ18k_Y_pr-huHMzhKaVCLYCX1Urq8fDomv0UAVchDQNIjdQ5PfiiYIT-0GYYzR5BB_5wGKJgwZypae89RRXpNJw-XOY5dv10jsUk3jEHRXW5xle2HtpM5DgCs6VbuxwVuaJfrRhfNdy7WkoOT3caV-4qTYfpfqwKvX_YtdD15RMpg-BVZQyI8b12meomlHdRi2aiqwqpTfJas0mrE7jHeScQErWx0qWAhvnZS8JJbauJGbXvjCbl2Tcoh19ngaggAA',
id_token:
'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IkN0VHVoTUptRDVNN0RMZHpEMnYyeDNRS1NSWSJ9.eyJhdWQiOiI1YTYxYTMwZC00MTAyLTQwMGUtYTVmNS05NDJlYzAxNDE3ODciLCJpc3MiOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20vZTFkMDE4YTktOWRlZC00Yjg4LTllYTItNDJkYTAwY2Q1ZjVhL3YyLjAiLCJpYrRVl4UHJjRk9aVk5tX1N6UHNyX0ZrIiwib2lkIjoiZXQiOjE1ODk4ODA3MTIsIm5iZiI6MTU4OTg4MDcxMiwiZXhwIjoxNTg5ODg0NjEyLCJhaW8iOiJBVFFBeS84UEFBQUEzb0dsSkdWK1dYYlE0elZJNHZic2ZnejZvUWZqYy9XUkNtS1QrYlRORHVjM2dYdll4L3F4OTdEMm5VeTRUUUxNIiwiY19oYXNoIjoiU1k4alM1ZjlxMkg4TU9oSmVIcjNhQSIsIm5hbWUiOiJUaW0gU3RlaW4iLCJub25jZSI6IkZfWjctTmpGSU5jgyYWRkNGMtOGM2MS00YjYxLWJmYWItZmQzNmE2YzY0MjY5IiwicHJlZmVycmVkX3VzZXJuYW1lIjoidHN0ZWluQFZBTlRBLklPIiwic3ViIjoiZ3Q3RExJZ1Y0MEJDZlRxRXhhSlM5Z09qcjhlRWU3TFF0cTJLQk9yNThmbyIsInRpZCI6ImUxZDAxOGE5LTlkZWQtNGI4OC05ZWEyLTQyZGEwMGNkNWY1YSIsInV0aSI6IjlyRHBOM0hBLTAtU3Y2T25XWmpVQUEiLCJ2ZXIiOiIyLjAifQ.uCG5x4cesT2925Kr_lXloYWxgIsPfsRX2FKd4t8ASDeQXg9PdvjTsTvnzzBqFDtW77obSX7bO75a-0XjA9TIh4-kMTgJWm8PlnHCWaHRQgfNlTmjp99oUf0msZx6OhyZ0-xFMMe6DTShFfBhHjF2ds17zw-oynv6PaygSox4s94qvL2e8ULi2wfpm4AYQwxXeUQba9dhoQu8AsCozY-6NyWIGc2alzg7TK5qBpuY16BScGsUkmChGFZ9lF9vD-uM8x0JYg0G6Uvc_aDNIWnt9B7VRH-U9sIFXtL9doaJXvRl2aPQnj6x0rtfgfJ4zonrJZQEn7e8y7XPIcnU0gMO9g',
state: 'GNy7cIjlBvfga4FhQiapnWnDAn8itXtk',
session_state: 'c88bace3-4039-9922-6f06-dcd6ba1a62ac' }
根据文档,我的响应看起来是正确的: https ://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
解决方案
我直接从我的一个生产项目中获取此代码。我之前遇到过类似的问题,但是当我们done
出于某种原因调整回调时,它会自行解决。
也许这可以作为一个例子。
Passport.js
'use strict';
//Dependencies
const passport = require('passport');
const OIDCStrategy = require('passport-azure-ad').OIDCStrategy;
//Custom Modules
const msService = require('./msService');
const DB_Connection = require('../dbConnection');
//DB Setting
require('../models/MS_User');
const User_DB = DB_Connection.model('user');
//Winston Logger
const logger = require('../log');
const passLog = logger.get('passportLog');
//Azure AD Creds
const loginCredentials = require('../creds/oicdCreds');
// Session
//Take in outlook id => keep the session data small
passport.serializeUser((outlookid, done) => {
done(null, outlookid);
});
//Deserialize when needed by querying the DB for full user details
passport.deserializeUser((outlookid, done) => {
User_DB.findOne({ outlookId: outlookid })
.then(user => {
done(null, user);
})
.catch(err => passLog.error(`Error Deserializing User: ${outlookid}:` + ' ' + err));
});
//Export the passport module
module.exports = (passport) => {
//OpenIdConnect
passport.use(new OIDCStrategy(loginCredentials,
//Verify callback for passReqToCallback: false
(iss, sub, profile, access_token, refresh_token, params, done) => {
//Get Calendar ID
msService.getCalId(access_token, calId => {
//Create or update the user
User_DB.findOneAndUpdate({ outlookId: profile.oid }, {
name: profile.displayName,
outlookId: profile.oid,
email: profile._json.email,
lastLogin: profile._json.ipaddr,
accessToken: access_token,
calId: calId
}, { upsert: true, returnNewDocument: false })
.catch(err => passLog.error(`Error Adding / Rnewing User: ${profile.oid}:` + ' ' + err));
//Return Profile ID for Serialization
done(null, profile.oid);
});
}));
};
路线
//AD OpenIdConenct
//Login
router.get('/auth/outlook/login',
//Using MS Azure OpenId Connect strategy (passport)
passport.authenticate('azuread-openidconnect')
);
//Callback Handling
//Using MS Azure OpenId Connect strategy (passport)
router.post('/auth/outlook/callback', passport.authenticate('azuread-openidconnect', { failureRedirect: '/auth/outlook/login' }), (req, res) => {
//Redis
client.keys('*', (err, keys) => {
sessionLog.info(`Login Active Session: ${keys.length}`);
});
res.redirect('/profile_info');
}
);
推荐阅读
- sql-server - 在映射到标量函数的默认值中获取 @@identity 或 Scope_identity()
- mysql - 如何在 SQL 中表示浮点值
- python - TypeError: 'module' object is not callable error using Selenium ChromeDriver Chrome with Python
- python - 将4行数据读入一行pandas数据框
- cube - 为什么构建多维数据集时日志总是显示“无可用数据”?
- python - Why does rounding the floating-point number 1.4999999999999999 produce 2?
- php - 在帮助文件中调用函数
- c++ - 如何委托给实现类
- javascript - 如何按“包含”对数组进行排序?
- r - 如何通过计数数据在 R 中创建 100% 堆积条形图?