
OAuth2 server creation with nodejs

I'm actually studying REST API security, and it seems that many people are using the OAuth2 and OpenID protocols to manage authentication.

I have tried to implement two OAuth2 servers using:

For the first solution, running the examples works correctly, but I need to make something stateless (and in the example the author uses sessions...)

Can you help me to create the simplest OAuth2 server possible, or at least explain to me how these libraries work as a whole?

Thanks in advance

I implemented it using "oauth2-server": "^3.0.0-b2"

var express = require('express');
var bodyParser = require('body-parser');           // used below but was never required
var oauthServer = require('oauth2-server');
var Request = oauthServer.Request;
var Response = oauthServer.Response;
// Express middleware that validates the bearer token (and an optional scope) via oauth.authenticate()
var authenticate = require('./components/oauth/authenticate');

var app = express();

// Token requests arrive as application/x-www-form-urlencoded; JSON bodies are accepted too
app.use(bodyParser.urlencoded({ extended: true }));
app.use(bodyParser.json());

// https://github.com/manjeshpv/node-oauth2-server-implementation/blob/master/components/oauth/models.js
var oauth = new oauthServer({
  model: require('./models.js')
});

// Token endpoint: exchanges credentials (password / client_credentials / refresh_token grant) for a token
app.all('/oauth/token', function(req, res, next) {
  var request = new Request(req);
  var response = new Response(res);

  oauth
    .token(request, response)
    .then(function(token) {
      // Todo: remove unnecessary values in response
      return res.json(token);
    }).catch(function(err) {
      // oauth2-server errors carry their own HTTP status (400/401); fall back to 500 otherwise
      return res.status(err.code || 500).json(err);
    });
});

// Authorization endpoint for the authorization_code grant
app.post('/authorise', function(req, res) {
  var request = new Request(req);
  var response = new Response(res);

  return oauth.authorize(request, response).then(function(success) {
    res.json(success);
  }).catch(function(err) {
    res.status(err.code || 500).json(err);
  });
});

// Protected resource: any valid bearer token is enough
app.get('/secure', authenticate(), function(req, res) {
  res.json({ message: 'Secure data' });
});

app.get('/me', authenticate(), function(req, res) {
  res.json({
    me: req.user,
    message: 'Authorization success, Without Scopes, Try accessing /profile with `profile` scope',
    description: 'Try postman https://www.getpostman.com/collections/37afd82600127fbeef28',
    more: 'pass `profile` scope while Authorize'
  });
});

// Protected resource: the token must also carry the `profile` scope
app.get('/profile', authenticate({ scope: 'profile' }), function(req, res) {
  res.json({
    profile: req.user
  });
});

app.listen(3000);

To simulate, use Postman: https://www.getpostman.com/collections/37afd82600127fbeef28

MySQL/PostgreSQL/MSSQL compatible: https://github.com/manjeshpv/node-oauth2-server-implementation/blob/master/components/oauth/models.js

MySQL DDL: https://github.com/manjeshpv/node-oauth2-server-implementation/blob/master/sql/oauth_demo.sql

Mongo dumps: https://github.com/manjeshpv/node-oauth2-server-implementation/tree/master/mongo-dump

Note that they have an issue there: the validateScope function needs to be replaced with:

function validateScope(user, client) {
  return user.scope === client.scope
}
