使用PassportJS和Express重定向后如何保留会话数据
[英]How to keep session data after redirect with PassportJS & Express
问题描述
I'm trying to redirect user to the originally issued URL after authenticating them to our own oauth2 server. 
在将用户验证到我们自己的oauth2服务器后,我尝试将用户重定向到最初发布的URL。 To do so I've read that it is possible to store data in the session object attached to the request. 为此,我读到可以将数据存储在附加到请求的会话对象中。 However I'm losing the data after the first redirect and consequently user are redirected to the fallback URL I provided. 但是,在第一次重定向后,我丢失了数据,因此用户被重定向到我提供的后备URL。
Here is the code that initialize the app 这是初始化应用程序的代码
const express = require('express');
const bodyParser = require('body-parser');
const cors = require('cors');
const session = require('express-session');
const cookieParser = require('cookie-parser');
const auth = require('./auth');
const app = express();
const router = express.Router();
app.use(cookieParser());
app.use(bodyParser.urlencoded({ extended: true }));
app.use(bodyParser.json());
app.use(cors());
app.use(session({
secret: 'keyboard cat',
cookie: {
secure: true,
maxAge: 36000000
},
resave: false,
saveUninitialized: true
}));
auth.config(app);
app.get('/', (req, res) => res.json({ message: 'root' }));
app.get('/failure', (req, res) => res.json({ message: 'fail' }));
// load all the routes
require('../routes/posts')(router, auth);
app.use('/api', router);
app.use('/auth', auth.router);
The auth module is as follows : auth模块如下:
const express = require('express');
const passport = require('passport');
const router = express.Router();
module.exports = {
config (app) {
passport.serializeUser((user, done) => done(null, user));
passport.deserializeUser((obj, done) => done(null, obj));
passport.use(new OAuth2Strategy({
authorizationURL,
tokenURL,
clientID,
clientSecret,
callbackURL
},
onAuthorize
));
app.use(passport.initialize());
app.use(passport.session());
router.get('/uaa', passport.authenticate('oauth2'));
router.get('/oauth/callback', passport.authenticate('oauth2'), (req, res) => {
req.session.save(err => {
if (err) throw err;
res.redirect(req.session.redirectTo || '/');
});
});
},
ensureAuthenticated (req, res, next) {
if (req.isAuthenticated()) return next();
if (!req.session.redirectTo) req.session.redirectTo = req.originalUrl;
req.session.save(err => {
if (err) return next(err);
res.redirect('/auth/uaa');
});
},
router
};
And now if on the browser I request http://localhost:3333/api/questions (the matching route descrition is router.route('/questions').get(auth.ensureAuthenticated, PostController.questions.getAll) ) I land in the ensureAuthenticated function which stores the initial route ( /api/questions ) but when I land in the final handler for my oauth2 callback, req.session.redirectTo does not exists. 现在,如果在浏览器上我请求http://localhost:3333/api/questions (匹配的路由描述是router.route('/questions').get(auth.ensureAuthenticated, PostController.questions.getAll) ),我就登陆了在ensureAuthenticated函数中,该函数存储初始路由( /api/questions ),但是当我进入oauth2回调的最终处理程序时, req.session.redirectTo不存在。 In fact it no longer exist right after the redirection to /auth/uaa . 实际上,在重定向到/auth/uaa之后,它不再存在。
- Am I configuring something wrong ? 我配置错了吗?
- Are my router declarations okay ? 我的路由器声明可以吗?
- Why can't I access the data I previously stored ? 为什么我不能访问以前存储的数据?
Thank you. 谢谢。
1 个解决方案
解决方案1
0 已采纳 2017-03-07 11:36:36
这里的问题是我在通过HTTP提供内容时指定了一个安全cookie。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.