简体繁体 English

Strongloop Passport.js身份验证-“无法获取访问令牌”

[英]Strongloop Passport.js authentication - “Failed to obtain access token”

原文 2016-05-01 15:40:07 4 2 javascript/ node.js/ oauth/ passport.js/ loopbackjs

I'm trying to write an Express/Passport app that authenticates with a Github Enterprise server. 我正在尝试编写一个通过Github Enterprise服务器进行身份验证的Express / Passport应用。 This has required manually-editing the github-strategy for passport to point to the private enterprise API endpoints. 这需要手动编辑护照的github策略以指向私有企业API端点。 No biggie there. 那里没有大佬。

I'm using Strongloop to build the application, so I'm using the strongloop-passport-component integration. 我正在使用Strongloop来构建应用程序，因此我正在使用strongloop-passport-component集成。

As far as I can tell the app is configured properly, but on redirect, I get the following error message: 据我所知，该应用程序已正确配置，但是在重定向时，我收到以下错误消息：

Loopback 500 InternalOAuthError: Failed to obtain access token at Strategy.OAuth2Strategy._createOAuthError (/Users/Tom/Desktop/soundoff/node_modules/passport-github/node_modules/passport-oauth2/lib/strategy.js:370:17) at /Users/Tom/Desktop/soundoff/node_modules/passport-github/node_modules/passport-oauth2/lib/strategy.js:166:45 at /Users/Tom/Desktop/soundoff/node_modules/passport-github/lib/strategy.js:75:25 at /Users/Tom/Desktop/soundoff/node_modules/passport-github/node_modules/passport-oauth2/node_modules/oauth/lib/oauth2.js:177:18 at ClientRequest. 环回500 InternalOAuthError：无法在/ Users处的Strategy.OAuth2Strategy._createOAuthError（/Users/Tom/Desktop/soundoff/node_modules/passport-github/node_modules/passport-oauth2/lib/strategy.js:370:17）获取访问令牌在/Users/Tom/Desktop/soundoff/node_modules/passport-github/lib/strategy.js上的/Tom/Desktop/soundoff/node_modules/passport-github/node_modules/passport-oauth2/lib/strategy.js:166:45： 75:25，位于ClientRequest的/Users/Tom/Desktop/soundoff/node_modules/passport-github/node_modules/passport-oauth2/node_modules/oauth/lib/oauth2.js:177:18。 (/Users/Tom/Desktop/soundoff/node_modules/passport-github/node_modules/passport-oauth2/node_modules/oauth/lib/oauth2.js:148:5) at emitOne (events.js:90:13) at ClientRequest.emit (events.js:182:7) at TLSSocket.socketErrorListener (_http_client.js:262:9) at emitOne (events.js:90:13) at TLSSocket.emit (events.js:182:7) （/Users/Tom/Desktop/soundoff/node_modules/passport-github/node_modules/passport-oauth2/node_modules/oauth/lib/oauth2.js:148:5），位于ClientRequest的emitOne（events.js：90：13）。在TLSSocket.emit（events.js：182：7）在emitOne（events.js：90：13）在TLSSocket.socketErrorListener（_http_client.js：262：9）处发出（events.js：182：7）

If I look at the github app settings, I can verify that the user successfully authenticated with the app. 如果我查看github应用程序设置，则可以验证用户是否已成功通过该应用程序进行身份验证。 It just seems to fail to redirect the user to the redirect URI. 似乎无法将用户重定向到重定向URI。 aparrently it cannot find the access token? 相应地，它找不到访问令牌？

The URL the user ends up on is something like http://0.0.0.0:3000/auth/github/callback?code=dceef2ffe07b5dbfa194 -- however, I expect them to end up on http://0.0.0.0:3000/auth/account . 用户最终使用的URL类似于http://0.0.0.0:3000/auth/github/callback?code=dceef2ffe07b5dbfa194但是，我希望他们最终使用http://0.0.0.0:3000/auth/account 。

What could be causing Loopback to not find the access token? 是什么原因导致环回找不到访问令牌？ Isn't it in the url ?code= ? 它不是在URL ?code=吗？

2 个解决方案

Solution was to not use strongloop-passport-component, unfortunately. 不幸的是，解决方案是不使用strongloop-passport-component。 Developer has been unresponsive and doesn't look like this will be fixed. 开发人员反应迟钝，看起来不会得到解决。

It can fail to obtain the access token if the temporary token (here, dceef2ffe07b5dbfa194 ) is not valid. 如果临时令牌（此处为dceef2ffe07b5dbfa194 ）无效，则可能无法获取访问令牌。

It is possible that in your modified github-strategy, the second phase of the OAuth flow where the temporary token is exchanged for a final token, is not configured properly, most likely requesting main github api instead of your enterprise github api for token exchange 可能是在您修改的github策略中，未正确配置OAuth流的第二阶段，在该阶段中临时令牌被交换为最终令牌，很可能是请求主github api而不是您的企业github api进行令牌交换